Bayashi dopvSTAR* CVE-2013-0709 DOM Based Cross Site Scripting Vulnerability

Bugtraq ID:	58799
Class:	Input Validation Error
CVE:	CVE-2013-0709
Remote:	Yes
Local:	No
Published:	Feb 28 2013 12:00AM
Updated:	Feb 28 2013 12:00AM
Credit:	Masahiro YAMADA
Vulnerable:	bayashi dopvSTAR* 0091
Not Vulnerable:

Bayashi dopvSTAR* CVE-2013-0709 DOM Based Cross Site Scripting Vulnerability

dopvSTAR* is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

dopvSTAR* 0091 is vulnerable; other versions may also be affected.

Bayashi dopvSTAR* CVE-2013-0709 DOM Based Cross Site Scripting Vulnerability

To exploit this issue an attacker must entice an unsuspecting user into following a malicious URI.

Bayashi dopvSTAR* CVE-2013-0709 DOM Based Cross Site Scripting Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Bayashi dopvSTAR* CVE-2013-0709 DOM Based Cross Site Scripting Vulnerability

References:

• bayashi homepage (bayashi)
  
• JVN#36339873 dopvSTAR* vulnerable to cross-site scripting (JPCERT)
  
• JVNDB-2013-000014 dopvSTAR* vulnerable to cross-site scripting (JPCERT)
  
• Report of DOM Based XSS (bayashi)