Bayashi dopvCOMET* CVE-2013-0708 DOM Based Cross Site Scripting Vulnerability

Bugtraq ID:	58798
Class:	Input Validation Error
CVE:	CVE-2013-0708
Remote:	Yes
Local:	No
Published:	Feb 28 2013 12:00AM
Updated:	Feb 28 2013 12:00AM
Credit:	Masahiro YAMADA
Vulnerable:	bayashi dopvCOMET* 0009b
Not Vulnerable:

Bayashi dopvCOMET* CVE-2013-0708 DOM Based Cross Site Scripting Vulnerability

dopvCOMET* is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

dopvCOMET* 0009b is vulnerable; other versions may also be affected.

Bayashi dopvCOMET* CVE-2013-0708 DOM Based Cross Site Scripting Vulnerability

To exploit this issue, an attacker must entice an unsuspecting user into following a malicious URI.

Bayashi dopvCOMET* CVE-2013-0708 DOM Based Cross Site Scripting Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Bayashi dopvCOMET* CVE-2013-0708 DOM Based Cross Site Scripting Vulnerability

References:

• bayashi homepage (bayashi)
  
• JVN#64756004 dopvCOMET* vulnerable to cross-site scripting (JPCERT)
  
• JVNDB-2013-000013 dopvCOMET* vulnerable to cross-site scripting (JPCERT)
  
• Report of DOM Based XSS (bayashi)