Amateras SNS Unspecified Cross-Site Scripting Vulnerability

Bugtraq ID:	21489
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Dec 08 2006 12:00AM
Updated:	Dec 08 2006 05:14PM
Credit:	Fukumori is credited with the discovery of this vulnerability.
Vulnerable:	Amateras sns 3.11
Not Vulnerable:	Amateras sns 3.12

Amateras SNS Unspecified Cross-Site Scripting Vulnerability

Amateras SNS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Amateras SNS 3.11 and prior versions are vulnerable to this issue.

Amateras SNS Unspecified Cross-Site Scripting Vulnerability

An attacker can trigger this vulnerability by enticing a victim user to follow a malicious URI.

Amateras SNS Unspecified Cross-Site Scripting Vulnerability

Solution:
The vendor has released version 3.12 to address this issue; please see the references for details.

Amateras SNS Unspecified Cross-Site Scripting Vulnerability

References:

• Amateras sns HomePage (Amateras)
  
• JVN#34830904 (JVN)