JVNDB-2006-000616
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated: 2008-05-21 00:00
Summary
DonutP and UnDonut confirmation dialog display vulnerability
Details
DonutP and its successor, unDonut, are IE-based tabbed web browsers. In DonutP and old versions of unDonut, the Donut.P API does not require explicit user consent. As a result, DonutP and unDonut contain a vulnerability that may allow an attacker to conduct cross-site scripting and other attacks.
DonutP.API is disabled by default, so this vulnerability only affects users who have activated it.
In unDonut release10-beta-2 and later versions, the function that displays a dialog when a script is executed is enabled by default, and it requires the user to confirm whether the script should be executed.
Users of DonutP or old versions of unDonut are recommended to upgrade to the latest version of unDonut. Users are also recommended to enable the confirmation dialog display function when a script is to be executed.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000616.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "DonutP and its successor, unDonut, are IE-based tabbed web browsers. In DonutP and old versions of unDonut, Donut.P API does not require explicit user consent. Therefore DonutP and unDonut contain a vulnerability which may allow an attacker to execute a cross-site scripting and other attacks.\r\n\r\nDonutP.API is disabled by default, so this vulnerability only affects users who have activated it.\r\n\r\nIn unDonut release10-beta-2 and later versions, the function displaying a dialog when a script is executed is enabled by default, and it requires an user\u0027s confirmation whether the script should be executed or not.\r\n\r\nUsers of DonutP or old versions of unDonut are recommended to upgrade to the latest version of unDonut. Users are also recommended to enable the confirmation dialog display function when a script is to be executed.",
"link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000616.html",
"sec:cpe": [
{
"#text": "cpe:/a:misc:undonut_donutp",
"@product": "DonutP",
"@vendor": "unDonut",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:undonut_undonut",
"@product": "UnDonut",
"@vendor": "unDonut",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2006-000616",
"sec:references": {
"#text": "http://jvn.jp/en/jp/JVN7F8621DE/index.html",
"@id": "JVN#7F8621DE",
"@source": "JVN"
},
"title": "DonutP and UnDonut confirmation dialog display vulnerability"
}