JVN#23563149: KENT-WEB ACCESS REPORT vulnerable to cross-site scripting

2012-12-06T00:00:00
ID JVN:23563149
Type jvn
Reporter Japan Vulnerability Notes
Modified 2012-12-06T00:00:00

Description

## Description

ACCESS REPORT provided by KENT-WEB is a software to analyze web access logs. ACCESS REPORT contains a cross-site scripting vulnerability. This is caused by a particular method in which tags are embedded into the web page.

Note that this vulnerability is different from JVN#68830017.

## Impact

An arbitrary script may be executed on the user's web browser.

## Solution

Update the Software
Update to the latest version and modify the particular method in which tags are embedded into the web page, according to the information provided by the developer.

## Products Affected

  • ACCESS REPORT v5.02 and earlier