Hitachi Collaboration Portal Products Cross-Site Scripting Vulnerabilities
BID:24263
Info
Hitachi Collaboration Portal Products Cross-Site Scripting Vulnerabilities
| Bugtraq ID: | 24263 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-3043 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 01 2007 12:00AM |
| Updated: | May 07 2015 05:37PM |
| Credit: | The vendor disclosed these issues. |
| Vulnerable: |
Hitachi uCosminexus Collaboration Portal - Forum/File Shar 6-30-/C Hitachi uCosminexus Collaboration Portal - Forum/File Shar 6-20-/D Hitachi uCosminexus Collaboration Portal 6-30-/D Hitachi uCosminexus Collaboration Portal 6-20-/E Hitachi Groupmax Collaboration Web Client - Forum/File Sharing 7-30-/C Hitachi Groupmax Collaboration Web Client - Forum/File Sharing 7-20-/D Hitachi Groupmax Collaboration Portal 7-30-/D Hitachi Groupmax Collaboration Portal 7-20-/E |
| Not Vulnerable: |
Hitachi uCosminexus Collaboration Portal - Forum/File Shar 6-30-/D Hitachi uCosminexus Collaboration Portal - Forum/File Shar 6-20-/E Hitachi uCosminexus Collaboration Portal 6-30-/E Hitachi uCosminexus Collaboration Portal 6-20-/F Hitachi Groupmax Collaboration Web Client - Forum/File Sharing 7-30-/D Hitachi Groupmax Collaboration Web Client - Forum/File Sharing 7-20-/E Hitachi Groupmax Collaboration Portal 7-30-/E Hitachi Groupmax Collaboration Portal 7-20-/F |
Discussion
Hitachi Collaboration Portal Products Cross-Site Scripting Vulnerabilities
Hitachi Collaboration Portal Products are prone to multiple cross-site scripting vulnerabilities because they fail to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected applications. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Hitachi Collaboration Portal Products are prone to multiple cross-site scripting vulnerabilities because they fail to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected applications. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Exploit / POC
Hitachi Collaboration Portal Products Cross-Site Scripting Vulnerabilities
An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.
An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.
Solution / Fix
Hitachi Collaboration Portal Products Cross-Site Scripting Vulnerabilities
Solution:
The vendor has released updated software to address these issues. Please see the vendor references for more information.
Solution:
The vendor has released updated software to address these issues. Please see the vendor references for more information.
References
Hitachi Collaboration Portal Products Cross-Site Scripting Vulnerabilities
References:
References:
- Hitachi Products Homepage (Hitachi)
- Hitachi: HS07-11 (Hitachi)