Published:2006/12/08 Last Updated:2008/05/21

JVN#34830904

Shobo Shobo Nikki System (sns) cross-site scripting vulnerability

Overview

Shobo Shobo Nikki System (sns), weblog scripts provided by Project Amateras, contains a cross-site scripting vulnerability.

Products Affected

sns 3.11 and earlier

Description

Impact

An arbitrary script may be executed on the user's web browser. Also, the administrator's password could be disclosed if cookie information is leaked.

Solution

Vendor Status

Vendor	Status	Last Update	Vendor Notes
Project Amateras	Vulnerable	2006/12/08

References

JPCERT/CC Addendum

Credit

Daiki Fukumori of Secure Sky Technology, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia	JVNDB-2006-000816

JVN#34830904 Shobo Shobo Nikki System (sns) cross-site scripting vulnerability