JVNDB-2009-000031

Vulnerability from jvndb - Published: 2009-05-27 18:28 - Updated:2009-05-27 18:28
Severity ?
() - -
Summary
Cross-site scripting vulnerability in leger (free edition)
Details
leger (free edition) from 'AD2000' contains a cross-site scripting vulnerability. leger (free edition) from 'AD2000' is a software to manage conference room reservations. leger (free edition) contains a cross-site scripting vulnerability. The vendor has reported that Ver. 1.6.4 released on May 22, 2009 did not address the vulnerability. The vulernability has been addressed in Ver. 1.6.5 released on May 26, 2009. For more information, refer to the vendor's website. Tsuyoshi Ishibashi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
References
Impacted products
Show details on JVN DB website
To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000031.html",
  "dc:date": "2009-05-27T18:28+09:00",
  "dcterms:issued": "2009-05-27T18:28+09:00",
  "dcterms:modified": "2009-05-27T18:28+09:00",
  "description": "leger (free edition) from \u0027AD2000\u0027 contains a cross-site scripting vulnerability. \r\n\r\nleger (free edition) from \u0027AD2000\u0027 is a software to manage conference room reservations. leger (free edition) contains a cross-site scripting vulnerability. \r\n\r\nThe vendor has reported that Ver. 1.6.4 released on May 22, 2009 did not address the vulnerability. The vulernability has been addressed in Ver. 1.6.5 released on May 26, 2009. For more information, refer to the vendor\u0027s website.\r\n\r\nTsuyoshi Ishibashi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000031.html",
  "sec:cpe": {
    "#text": "cpe:/a:ad2000:meeting_room_reservations",
    "@product": "Meeting Room Reservations",
    "@vendor": "AdSystems Co.,Ltd.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2009-000031",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN57036470/index.html",
      "@id": "JVN#57036470",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2240",
      "@id": "CVE-2009-2240",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2240",
      "@id": "CVE-2009-2240",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/35148",
      "@id": "SA35148",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/35068",
      "@id": "35068",
      "@source": "BID"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Cross-site scripting vulnerability in leger (free edition)"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.