[Japanese]
|
JVNDB-2016-000068
|
HumHub vulnerable to cross-site scripting
|
HumHub is a software framework for developing a social networking service (SNS). HumHub contains a cross-site scripting vulnerability.
Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
CVSS V3 Severity: Base Metrics 5.4 (Medium) [IPA Score]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
CVSS V2 Severity: Base Metrics 4.0 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: Single Instance
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
|
|
HumHub
- HumHub versions 0.20.0-beta.1 through 0.20.1
- HumHub versions 1.0.0-beta.1 through 1.0.0-beta.2
|
|
An arbitrary script may be executed on the user's web browser.
|
[Update the software]
Update to the latest version according to the information provided by the developer.
According to the developer, this issue was addressed in version 1.0.0-beta.3.
|
HumHub
|
- Cross-site Scripting(CWE-79) [IPA Evaluation]
|
- CVE-2016-1229
|
- JVN : JVN#56167268
- National Vulnerability Database (NVD) : CVE-2016-1229
|
- [2016/05/24]
Web page was published
[2016/06/08]
References : Content was added
|