Cross site scripting

2007-11-0517:46:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.2%

JSON

Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 through 03-10, as used by certain Cosminexus products, allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP requests that trigger creation of a server-status page.

CPENameOperatorVersion
cosminexus_application_server_enterpriseeq<= 651j
cosminexus_application_server_standardeq<= 651j
cosminexus_developer_light_version_6eq<= 651j
cosminexus_developer_professional_version_6eq<= 651j
cosminexus_developer_standard_version_6eq<= 651j
cosminexus_servereq<= 4-1
ucosminexus_application_server_enterpriseeq<= 7501
ucosminexus_application_server_standardeq<= 7501
ucosminexus_developer_lighteq<= 671d
ucosminexus_developer_professionaleq<= 7501

Name	Operator	Version
cosminexus_application_server_enterprise	eq	<= 651j
cosminexus_application_server_standard	eq	<= 651j
cosminexus_developer_light_version_6	eq	<= 651j
cosminexus_developer_professional_version_6	eq	<= 651j
cosminexus_developer_standard_version_6	eq	<= 651j
cosminexus_server	eq	<= 4-1
ucosminexus_application_server_enterprise	eq	<= 7501
ucosminexus_application_server_standard	eq	<= 7501
ucosminexus_developer_light	eq	<= 671d
ucosminexus_developer_professional	eq	<= 7501

Rows per page:

1-10 of 441

References

osvdb.org/42027

secunia.com/advisories/27421

www.hitachi-support.com/security_e/vuls_e/HS07-035_e/index-e.html

www.securityfocus.com/bid/26271

www.vupen.com/english/advisories/2007/3666