Cybozu Garoon vulnerable to arbitrary script execution

Overview Cybozu Garoon, a groupware from Cybozu, contains a vulnerability that allows an attacker to execute an arbitrary script when a user views RSS feed. Yoshiki Kawada of LAC Little eArth Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the vendors under Information...

JVN#52363223: Cybozu Garoon vulnerable to arbitrary script execution

Cybozu Garoon, a groupware from Cybozu, contains a vulnerability that allows an attacker to execute an arbitrary script when a user views RSS feed. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the vendor...

CGIWrap error page cross-site scripting vulnerability

Overview CGIWrap error page is vulnerable to a cross-site scripting. CGIWrap is a gateway program that allows general users to use CGI scripts and HTML forms on the web server. CGIWrap contains a cross-site scripting vulnerability as it does not specify charset in the error page. Hirohisa Yamaguc...

Sleipnir and Grani vulnerable to arbitrary script execution when Bookmark search results are restored from history

Overview Sleipnir and Grani, web browsers from Fenrir & Co., contain a vulnerability in the bookmark search function that allows an attacker to execute an arbitrary script when search results are restored from history. Sleipnir and Grani, web browsers from Fenrir & Co., have a bookmark search...

Pixelpost cross-site scripting vulnerability

Overview Pixelpost, an open source content management system used for photo albums, etc., contains a cross-site scripting vulnerability. Daiki Fukumori of Secure Sky Technology, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the vendors under Information Security Early Warnin...

WEB MART from KENT WEB vulnerable to cross-site scripting

Overview WEB MART, from KENT WEB, contains a cross-site scripting vulnerability. WEB MART provided by KENT WEB is shopping cart software. WEB MART contains a cross-site scripting vulnerability. Akira Noda of Tokyo Institute of Technology reported this vulnerability to IPA. JPCERT/CC coordinated...

Groupmax World Wide Web Desktop/BUNSHOKANRI(=DocumentManagement) Cross-Site Scripting Vulnerability

Overview A cross-site scripting vulnerability has been found in the Groupmax World Wide Web Desktop/BUNSHOKANRI =DocumentManagement. Impact A remote attacker could execute malicious scripts. Solution Please refer to the 'Vendor Information' section for official countermesure and take appropriate...

Hitachi Groupmax Collaboration Products Cross-Site Scripting Vulnerability

Overview A cross-site scripting vulnerability has been found in the Hitachi Groupmax Collaboration products. Impact A remote attacker could execute arbitrary scripts. Solution Please refer to the 'Vendor Information' section for official countermesure and take appropriate action...

JVN#25448394 Sleipnir and Grani vulnerable to arbitrary script execution when Bookmark search results are restored from history

Sleipnir and Grani, web browsers from Fenrir & Co., have a bookmark search function. When a user runs the search function, the search result is displayed in the web browser. If a specially crafted string is used in a search, an arbitrary script may be executed on the user's web browser when the...

bea-xss.txt

+============================================================================================+ + Oracle Corporation BEA WebLogic Portal & high XSS Vulnerabilities + +============================================================================================+ Authors: Ivan Sanchez Producto:...

Zimbra Collaboration Suite script execution vulnerability

Overview Zimbra Collaboration Suite, a web collaboration tool from Zimbra, Inc., contains a vulnerability that could allow a remote attacker to execute an arbitrary script on the user's web browser. Zimbra Collaboration Suite is a web collaboration tool that provides calendar, address book,...

Cross-site scripting vulnerability in multiple Tor World CGI scripts

Overview Multiple Tor World CGI scripts contain a cross-site scripting vulnerability. Tor World provides CGI scripts for implementing search engines, message boards, and other tools. Multiple Tor World CGI scripts contain a cross-site scripting vulnerability. Impact An arbitrary script can be...

Google Desktop cross-site scripting vulnerability

Overview Google Desktop contains a cross-site scripting vulnerability. Google Desktop, software for searching information on local computers, contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the web browser of a user who uses Google Desktop. Solution...

PC2M cross-site scripting vulnerability

Overview PC2M is an open source web application which converts web pages and images to be available on web-capable mobile devices such as cellphones and PDAs. PC2M contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update...

Serene Bach cross-site scripting vulnerability

Overview Serene Bach, a weblog management tool from SerendipityNZ Limited, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Also, session information or credential information kept in a cookie could be leaked. Solution None...

Trac cross-site scripting vulnerability

Overview Trac is a project management tool from Edgewall Software. InterAct Corp. provides a localized version of Trac in Japan. Trac wiki engine contains a cross-site scripting vulnerability which affects Microsoft Internet Explorer. Impact A remote attacker could possibly execute an arbitrary...

open-gorotto cross-site scripting vulnerability

Overview open-gorotto, open source software to create members-only community sites, contains a cross-site scripting vulnerability, as it does not properly handle output of usernames. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is...

Lunascape RSS reader arbitrary script execution vulnerability

Overview A vulnerability exists in the web browser Lunascape's RSS reader. An arbitrary script embedded in RSS feeds could be executed as the output of RSS information is not properly handled. Impact Arbitrary JavaScript could be executed within Lunascape's RSS reader. Solution None...

Internet Explorer vulnerable in handling MHTML protocol

Overview Internet Explorer is vulnerable in handling MHTML MIME Encapsulation of Aggregate HTML protocol, which allows the download dialog box to be bypassed. Some versions of Outlook Express are affected because the vulnerability is contained in Outlook Express component used by Internet Explore...

sHTTPd cross-site scripting vulnerability

Overview sHTTPd, from Uchu Ninja Neko-dan, contains a cross-site scripting vulnerability. sHTTPd from Uchu Ninja Neko-dan is a web server for Windows. sHTTPd contains a cross-site scripting vunerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the...