Lucene search
Japan Vulnerability NotesJVN:20879350HistoryJun 09, 2015 - 12:00 a.m.
JVN#20879350: MilkyStep vulnerable to cross-site scripting
2015-06-0900:00:00
Japan Vulnerability Notes
jvn.jp
16
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
60.2%
MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a cross-site scripting vulnerability (CWE-79).
Impact
An arbitrary script may be executed on the userβs web browser.
Solution
Update the Software
Update to the latest version according to the information provided by the developer.
Products Affected
- MilkyStep Light Ver0.94 and earlier
- MilkyStep Professional Ver1.82 and earlier
- MilkyStep Professional OEM Ver1.82 and earlier
Related
nvd
nvd
CVE-2015-2957
2015-06-13 14:59:08
cvelist
cvelist
CVE-2015-2957
2015-06-13 14:00:00
cve
cve
CVE-2015-2957
2015-06-13 14:59:08
prion
prion
Cross site scripting
2015-06-13 14:59:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
60.2%
Related for JVN:20879350