JVN#09115481: Cross-site scripting vulnerability in multiple Rocomotion products

2011-01-18T00:00:00
ID JVN:09115481
Type jvn
Reporter Japan Vulnerability Notes
Modified 2011-01-18T00:00:00

Description

Multiple products (P board etc.) provided by Rocomotion contain a cross-site scripting vulnerablility.

## Impact

An arbitrary script may be executed on the user's web browser.

## Solution

Update the Software
Update to the latest version according to the information provided by the developer.

This issue has been resolved in the following versions.

  • P board 1.19
  • P board with G 1.14
  • P board R 1.18
  • P board R with G 1.18
  • P board RI 1.19
  • P board RI with G 1.17
  • P board RI with GBO 1.13
  • P forum 1.31
  • P up board 1.39
  • P up board with G 1.28
  • P up board with GBO 1.19
  • P up board I with G 1.18
  • P up board random 1.29
  • P up board random 2 1.03
  • P diary R 1.14
  • P link 1.12
  • P link compact 1.05
  • pplog 3.32
  • pplog2 3.38
  • PM bbs 1.08
  • PM up bbs 1.09
  • PM forum 1.19

## Products Affected

  • P board 1.18 and earlier
  • P board with G 1.13 and earlier
  • P board R 1.17 and earlier
  • P board R with G 1.17 and earlier
  • P board RI 1.18 and earlier
  • P board RI with G 1.16 and earlier
  • P board RI with GBO 1.12 and earlier
  • P forum 1.30 and earlier
  • P up board 1.38 and earlier
  • P up board with G 1.27 and earlier
  • P up board with GBO 1.18 and earlier
  • P up board I with G 1.17 and earlier
  • P up board random 1.28 and earlier
  • P up board random 2 1.02 and earlier
  • P diary R 1.13 and earlier
  • P link 1.11 and earlier
  • P link compact 1.04 and earlier
  • pplog 3.31 and earlier
  • pplog2 3.37 and earlier
  • PM bbs 1.07 and earlier
  • PM up bbs 1.08 and earlier
  • PM forum 1.18 and earlier