JVN#29852698: Cross-site scripting vulnerability in RevoCounter CGI (Animation Counter)

Overview

RevoCounter CGI (Animation Counter) from futomi's CGI Cafe contains a cross-site scripting vulnerability.

Products Affected

RevoCounter CGI (Animation Counter) Ver 1.3 and earlier

Description

RevoCounter CGI (Animation Counter) from futomi's CGI Cafe is a software that displays an animated counter on a webpage. RevoCounter CGI (Animation Counter) contains a cross-site scripting vulnerability.

Impact

An arbitrary script may be executed on the user's web browser.

Solution

Update the Software
Update to the latest version according to the information provided by the developer.

Vendor Status

Vendor	Link
futomi's CGI Cafe	Update for the users of RevoCounter CGI (Animation Counter) - (Japanese Only)
	RevoCounter CGI (Animation Counter) Ver 1.4 (Japanese Only)

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Analyzed on 2009.07.24

Measures	Conditions	Severity
Access Required	can be attacked over the Internet using packets	High
Authentication	anonymous or no authentication (IP addresses do not count)	High
User Interaction Required	the user must be convinced to take a standard action that does not feel harmful to most users, such as click on a link or view a file	Mid
Exploit Complexity	the user must be convinced to take a difficult or suspicious action. If the honest user must have elevated privileges, they are likely to be more suspiciouse	High

Description of each analysis measures

Credit

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia	JVNDB-2009-000049

JVN#29852698 Cross-site scripting vulnerability in RevoCounter CGI (Animation Counter)