JVN#42381549 Internet Scanner reporting engine vulnerable to cross-site scripting

2008-02-21T00:00:00
ID JVN:42381549
Type jvn
Reporter Japan Vulnerability Notes
Modified 2008-05-21T00:00:00

Description

## Description

IBM Internet Scanner has a function to generate a report as an HTML file. Internet Scanner's reporting engine does not properly sanitize data before generating this report. This vulnerability may allow an attacker to insert an arbitrary script, which is executed on the user's web browser when the user views the output HTML file.

## Impact

An arbitrary script may be executed on the user's web browser when the user views the report. An arbitrary file in a client PC could be viewed depending on the content of the script.

## Solution

Update the Software
Update the software to the latest version according to the information released by the vendor.
For more information, refer to the vendor's website.

## Products Affected

  • Internet Scanner 7.0 Service Pack 2 7.2.2005.52 Release