Published:2014/09/17 Last Updated:2016/11/22
JVN#36205251
365 Links series vulnerable to cross-site scripting
Overview
365 Links series provided by php365.com contain a cross-site scripting vulnerability.
Products Affected
- 365 Links Ver.3.11 and earlier
- 365 Links2 Ver.3.11 and earlier
- 365 Links+ Ver.2.10 and earlier
- 365 Links2+ Ver.2.10 and earlier
Description
365 Links series provided by php365.com are link directory management tools. 365 Links series contain a cross-site scripting vulnerability.
Impact
An arbitrary script may be executed on the user's web browser.
Solution
Update the software
Update to the latest version according to the information provided by the developer.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| php365.com | Vulnerable | 2014/09/17 | php365.com website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
CVSS v2
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score:
4.3
| Access Vector(AV) | Local (L) | Adjacent Network (A) | Network (N) |
|---|---|---|---|
| Access Complexity(AC) | High (H) | Medium (M) | Low (L) |
| Authentication(Au) | Multiple (M) | Single (S) | None (N) |
| Confidentiality Impact(C) | None (N) | Partial (P) | Complete (C) |
| Integrity Impact(I) | None (N) | Partial (P) | Complete (C) |
| Availability Impact(A) | None (N) | Partial (P) | Complete (C) |
Credit
Koki Takahashi of Sony Global Education, Inc reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2014-5317 |
| JVN iPedia |
JVNDB-2014-000106 |
Update History
- 2016/11/22
- Information under the section "Credit" was updated.