JVN#23891849 ADPLAN cross-site scripting vulnerability

2007-06-07T00:00:00
ID JVN:23891849
Type jvn
Reporter Japan Vulnerability Notes
Modified 2008-05-21T00:00:00

Description

## Description

ADPLAN Version 3, web access measurement software provided by Opt, Inc., contains a cross-site scripting vulnerability in the SEO (search engine optimization) module.
A website that employs ADPLAN Version 3 service generates a web page using the HTTP header information sent from a client web browser.
However, as the HTTP header information sent from a user's web browser is not handled correctly by ADPLAN Version 3, an arbitrary script could be executed on the user's web browser if the user is forced to visit a site using ADPLAN service through an attack.

## Impact

An arbitrary script may be executed on the user's web browser.

## Solution

Update the Software
We recommend users upgrade to the latest version of the software provided by the vendor.

## Products Affected

ADPLAN Version 3's SEO module