JVN#72854072: Aipo vulnerable to cross-site request forgery

2011-08-16T00:00:00
ID JVN:72854072
Type jvn
Reporter Japan Vulnerability Notes
Modified 2011-08-16T00:00:00

Description

## Description

Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a cross-site request forgery vulnerability.

## Impact

If an administrative user views a malicious page while logged into Aipo, data stored within Aipo may be altered.

## Solution

Update the Software
Update to the latest version according to the information provided by the developer.

This issue has been resolved in Aipo Version 4.0.4.0.

## Products Affected

  • Aipo versions prior to 4.0.4.0
  • Aipo for ASP versions prior to 4.0.4.0