BID:25447

Tuigwaa Unspecified Cross-Site Scripting Vulnerability

Info

Tuigwaa Unspecified Cross-Site Scripting Vulnerability

Bugtraq ID:	25447
Class:	Input Validation Error
CVE:	CVE-2007-4587
Remote:	Yes
Local:	No
Published:	Aug 27 2007 12:00AM
Updated:	May 07 2015 05:35PM
Credit:	Fukumori is credited with the discovery of this vulnerability.
Vulnerable:	The Seasar Foundation Tuigwaa 1.0.4

Not Vulnerable:	The Seasar Foundation Tuigwaa 1.0.5

Discussion

Tuigwaa Unspecified Cross-Site Scripting Vulnerability

Tuigwaa is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to Tuigwaa 1.0.5 are vulnerable.

Exploit / POC

Tuigwaa Unspecified Cross-Site Scripting Vulnerability

An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.

Solution / Fix

Tuigwaa Unspecified Cross-Site Scripting Vulnerability

Solution:
The vendor has released Tuigwaa 1.0.5 to address this issue. Please see the vendor references for more information.

References

Tuigwaa Unspecified Cross-Site Scripting Vulnerability

References:

Tuigwaa Homepae (The Sesar Foundation)
JVN#82276964 (JPCERT/CC)