JVN#92832583 Advance-Flow cross-site scripting vulnerability

2007-05-18T00:00:00
ID JVN:92832583
Type jvn
Reporter Japan Vulnerability Notes
Modified 2008-05-21T00:00:00

Description

## Description

Advance-Flow provided by OSK Co. LTD contains a cross-site scripting vulnerability, as it does not properly handle output data. Some application forms are not affected by this vulnerability and some are, depending on the contents of the application forms.

## Impact

An arbitrary script may be executed on the user's web browser.

## Solution

Update the Software
Apply the updates provided by the vendor.

Fixed versions:

  • Advance-Flow Ver 4.42 or later
  • Advance-Flow Forms Ver 4.42 or later

## Products Affected

  • Advance-Flow Ver 4.41 and earlier
  • Advance-Flow Forms Ver 4.41 and earlier