Published:2014/09/17  Last Updated:2016/11/22

JVN#36205251
365 Links series vulnerable to cross-site scripting

Overview

365 Links series provided by php365.com contain a cross-site scripting vulnerability.

Products Affected

  • 365 Links Ver.3.11 and earlier
  • 365 Links2 Ver.3.11 and earlier
  • 365 Links+ Ver.2.10 and earlier
  • 365 Links2+ Ver.2.10 and earlier

Description

365 Links series provided by php365.com are link directory management tools. 365 Links series contain a cross-site scripting vulnerability.

Impact

An arbitrary script may be executed on the user's web browser.

Solution

Update the software
Update to the latest version according to the information provided by the developer.

Vendor Status

Vendor Status Last Update Vendor Notes
php365.com Vulnerable 2014/09/17 php365.com website

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v2 AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score: 4.3
Access Vector(AV) Local (L) Adjacent Network (A) Network (N)
Access Complexity(AC) High (H) Medium (M) Low (L)
Authentication(Au) Multiple (M) Single (S) None (N)
Confidentiality Impact(C) None (N) Partial (P) Complete (C)
Integrity Impact(I) None (N) Partial (P) Complete (C)
Availability Impact(A) None (N) Partial (P) Complete (C)

Credit

Koki Takahashi of Sony Global Education, Inc reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2014-5317
JVN iPedia JVNDB-2014-000106

Update History

2016/11/22
Information under the section "Credit" was updated.