Published:2005/06/06  Last Updated:2008/05/21

JVN#0DC004F6
desknet's cross-site scripting vulnerability

Overview

If a user views HTML email containing a malicious script, it could be executed.

This problem allows execution of script having patterns other than those addressed in JVN#F88C2C13 (additional information to JVN#89DE2014).

Products Affected

  • desknet's version 4.2J R1.9

Description

Impact

lf a login ID, password, or session information is leaked, an attacker could impersonate a user to view email, alter configuration information, etc.

Solution

Vendor Status

Vendor Status Last Update Vendor Notes
NEOJAPAN,Inc. Vulnerable 2005/06/06

References

JPCERT/CC Addendum

Credit

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia JVNDB-2005-000773

Update History