Vulnerability-Lookup - Search a vulnerability

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

1 vulnerability found for NewsGlue by Glue Software Corporation

JVNDB-2007-000225

Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00

Severity ?

() - -

Summary

NewsGlue and Ikinari Jijyoutsuu arbitrary script execution vulnerability

Details

NewsGlue and Ikinari Jijyoutsuu are RSS readers. An arbitrary script embedded in RSS feeds could be executed in either of the RSS readers, as they fail to handle the output of RSS information properly.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN64227086/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1610
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1611
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1610
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1611
	SECUNIA	http://secunia.com/advisories/24603
	BID	http://www.securityfocus.com/bid/23094
	XF	http://xforce.iss.net/xforce/xfdb/33166
	FRSIRT	http://www.frsirt.com/english/advisories/2007/1074

Impacted products

Vendor

Product

	Glue Software Corporation	NewsGlue
	SOURCENEXT CORPORATION	IKINARI JIJYOU

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000225.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "NewsGlue and Ikinari Jijyoutsuu are RSS readers. An arbitrary script embedded in RSS feeds could be executed in either of the RSS readers, as they fail to handle the output of RSS information properly.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000225.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:glue_software:newsglue",
      "@product": "NewsGlue",
      "@vendor": "Glue Software Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sourcenext:ikanari_jijyou",
      "@product": "IKINARI JIJYOU",
      "@vendor": "SOURCENEXT CORPORATION",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "6.4",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-000225",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN64227086/index.html",
      "@id": "JVN#64227086",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1610",
      "@id": "CVE-2007-1610",
      "@source": "CVE"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1611",
      "@id": "CVE-2007-1611",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1610",
      "@id": "CVE-2007-1610",
      "@source": "NVD"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1611",
      "@id": "CVE-2007-1611",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/24603",
      "@id": "SA24603",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/23094",
      "@id": "23094",
      "@source": "BID"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/33166",
      "@id": "33166",
      "@source": "XF"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2007/1074",
      "@id": "FrSIRT/ADV-2007-1074",
      "@source": "FRSIRT"
    }
  ],
  "title": "NewsGlue and Ikinari Jijyoutsuu arbitrary script execution vulnerability"
}