Webservice-DIC shop_v50 And shop_v52 Multiple Cross-Site Scripting Vulnerabilities
BID:31006
Info
| Bugtraq ID: | 31006 |
| Class: | Input Validation Error |
| CVE: | CVE-2008-3935 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 03 2008 12:00AM |
| Updated: | May 07 2015 05:24PM |
| Credit: | Mr. Syuuya Ueki |
| Vulnerable: | Webservice-DIC shop_v52 2.0, Webservice-DIC shop_v50 3.0 |
| Not Vulnerable: | |
Discussion
Webservice-DIC shop_v50 and shop_v52 are prone to multiple cross-site scripting vulnerabilities because the applications fail to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
These issues affect the following versions:
- shop_v50 3.0 and prior versions
- shop_v52 2.0 and prior versions
Exploit / POC
An attacker can exploit these issues by enticing an unsuspecting user to follow a malicious URI.
Solution / Fix
Solution:
The vendor has released an update. Please see the references for more information.
References
References:
- JVN#79914432 shop_v50 and shop_v52 cross-site scripting vulnerabilities (JPCERT/CC)
- Product homepage (Webservice-DIC)