jvndb - jvndb-2010-001088

JVNDB-2010-001088

Vulnerability from jvndb - Published: 2010-03-03 12:00 - Updated:2010-03-03 12:00

Severity ?

() - -

Summary

uCosminexus Portal Framework Cross-Site Scripting Vulnerability

Details

uCosminexus Portal Framework has a cross-site scripting vulnerability.

References

Type

URL

Cross-site Scripting(CWE-79)

https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	Hitachi, Ltd	Cosminexus Collaboration Portal
	Hitachi, Ltd	Cosminexus Portal Framework
	Hitachi, Ltd	Electronic Form Workflow
	Hitachi, Ltd	Groupmax Collaboration Portal
	Hitachi, Ltd	Groupmax Collaboration Web Client
	Hitachi, Ltd	Groupmax Collaboration Web Client - Mail/Schedule
	Hitachi, Ltd	JP1/Integrated Management
	Hitachi, Ltd	uCosminexus Collaboration Portal
	Hitachi, Ltd	uCosminexus Content Manager
	Hitachi, Ltd	uCosminexus Electronic Form Workflow
	Hitachi, Ltd	uCosminexus Navigation
	Hitachi, Ltd	uCosminexus Portal Framework

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001088.html",
  "dc:date": "2010-03-03T12:00+09:00",
  "dcterms:issued": "2010-03-03T12:00+09:00",
  "dcterms:modified": "2010-03-03T12:00+09:00",
  "description": "uCosminexus Portal Framework has a cross-site scripting vulnerability.",
  "link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001088.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:hitachi:cosminexus_collaboration_portal",
      "@product": "Cosminexus Collaboration Portal",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_portal_framework",
      "@product": "Cosminexus Portal Framework",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:electronic_form_workflow",
      "@product": "Electronic Form Workflow",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:groupmax_collaboration_portal",
      "@product": "Groupmax Collaboration Portal",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:groupmax_collaboration_web_client",
      "@product": "Groupmax Collaboration Web Client",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:groupmax_collaboration_web_client_mail_schedule",
      "@product": "Groupmax Collaboration Web Client - Mail/Schedule",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:jp1_integrated_management",
      "@product": "JP1/Integrated Management",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_collaboration_portal",
      "@product": "uCosminexus Collaboration Portal",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_content_manager",
      "@product": "uCosminexus Content Manager",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_electronic_form_workflow",
      "@product": "uCosminexus Electronic Form Workflow",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_navigation",
      "@product": "uCosminexus Navigation",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_portal_framework",
      "@product": "uCosminexus Portal Framework",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "5.0",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2010-001088",
  "sec:references": {
    "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
    "@id": "CWE-79",
    "@title": "Cross-site Scripting(CWE-79)"
  },
  "title": "uCosminexus Portal Framework Cross-Site Scripting Vulnerability"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

JVNDB-2010-001088

Tags

Sightings

Nomenclature