Published:2006/11/30 Last Updated:2008/05/21

JVN#08494205

Chama Cargo cross-site scripting vulnerability

Overview

Chama Cargo, a cgi program written in perl for creating shopping websites, contains a cross-site scripting vulnerability.

Products Affected

Chama Cargo v4.36 and earlier

For more information, refer to the vendor's website.

Description

Impact

An arbitrary script may be executed on the user's web browser.

Solution

Vendor Status

Vendor	Status	Last Update	Vendor Notes
Chama-Net	Vulnerable	2006/11/30

References

JPCERT/CC Addendum

Credit

Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia	JVNDB-2006-000803

JVN#08494205 Chama Cargo cross-site scripting vulnerability