Dokodemo Rikunabi 2013 CVE-2012-1240 Cross Site Scripting Vulnerability

Bugtraq ID:	53008
Class:	Input Validation Error
CVE:	CVE-2012-1240
Remote:	Yes
Local:	No
Published:	Apr 13 2012 12:00AM
Updated:	Apr 13 2012 12:00AM
Credit:	Kazuhiko Kusano
Vulnerable:	RECRUIT CO.,LTD Dokodemo Rikunabi 2013 1.0
Not Vulnerable:

Dokodemo Rikunabi 2013 CVE-2012-1240 Cross Site Scripting Vulnerability

Dokodemo Rikunabi 2013 is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Dokodemo Rikunabi 2013 1.0.0 is vulnerable; other versions may also be affected.

Dokodemo Rikunabi 2013 CVE-2012-1240 Cross Site Scripting Vulnerability

An attacker can exploit the issue by enticing an unsuspecting user to visit a specially crafted URL.

Dokodemo Rikunabi 2013 CVE-2012-1240 Cross Site Scripting Vulnerability

Solution:
Updates are available; please see the references for details.

Dokodemo Rikunabi 2013 CVE-2012-1240 Cross Site Scripting Vulnerability

References:

• Dokodemo Rikunabi 2013 Homepage (RECRUIT CO.)
  
• JVN#90055996 Dokodemo Rikunabi 2013 vulnerable to cross-site scripting (JVN)