Vulnerability CVE-2010-3931

Vulnerability CVE-2010-3931

Published: 2011-01-20 Modified: 2012-02-13

Description:

Cross-site scripting (XSS) vulnerability in multiple Rocomotion products, including P board 1.18 and other versions, P forum 1.30 and earlier, P up board 1.38 and other versions, P diary R 1.13 and earlier, P link 1.11 and earlier, P link compact 1.04 and earlier, pplog 3.31 and earlier, pplog2 3.37 and earlier, PM bbs 1.07 and earlier, PM up bbs 1.08 and earlier, and PM forum 1.18 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
4.3/10	2.9/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
None	Partial	None

Affected software
Rocomotion -> P board
Rocomotion -> P diary r
Rocomotion -> P forum
Rocomotion -> P link
Rocomotion -> P link compact
Rocomotion -> P up board
Rocomotion -> Pm bbs
Rocomotion -> Pm forum
Rocomotion -> Pm up bbs
Rocomotion -> Pplog
Rocomotion -> Pplog 2

References:

http://xforce.iss.net/xforce/xfdb/64745

http://www.securityfocus.com/bid/45838

http://secunia.com/advisories/42957

http://osvdb.org/70495

http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000006.html

http://jvn.jp/en/jp/JVN09115481/index.html

http://another.rocomotion.jp/12949466953653.html

Copyright 2024, cxsecurity.com