Published:2012/10/26 Last Updated:2012/10/26

Information from Come on Girls Interface

Vulnerability ID:JVN#00322303
Title:Tokyo BBS vulnerable to cross-site scripting
Status:Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

ISSUE:
Cross Site Scripting in ERROR PAGE.

SOLUTION:

You can update with the new program file "tokyo_bbs.cgi".
http://c61.org/archives/tokyo_bbs.zip

or you can edit the program file "tokyo_bbs.cgi".

- LINE 179
(original source)
print "ERROR: $FILE{'gsCustoFile'} : 設定ファイルが見つかりません。";

(update source)
print "ERROR: 設定ファイルが見つかりません。";

Addition:
Now "Tokyo BBS" is not supported and provided.

JVN
HOME
What is JVN ?
Instructions
List of Vulnerability Report
VN_JP
VN_JP(Unreachable)
VN_VU
TA
TRnotes
JVN iPedia
MyJVN
JVNJS/RSS
Vendor List
List of unreachable developers
Contact