Published:2010/04/01  Last Updated:2010/04/02

Compiere vulnerable to cross-site scripting


Compiere provided by Almas Inc. contains a cross-site scripting vulnerability.

Products Affected

  • Compiere J300_A02 and earlier


Compiere provided by Almas Inc. is Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) software. Compiere contains a cross-site scripting vulnerability.

This vulnerability is different from JVN#57963254.


An arbitrary script may be executed on the user's web browser.


Update the Software
Update to the latest version according to the information provided by the developer.

Vendor Status


JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Analyzed on 2010.04.01

Measures | Conditions | Severity
Access Required | Routed - can be attacked over the Internet using packets | High
Authentication | None - anonymous or no authentication (IP addresses do not count) | High
User Interaction Required | Simple - the user must be convinced to take a standard action that does not feel harmful to most users, such as click on a link or view a file | Medium
Exploit Complexity | Low - little to no expertise and/or luck required to exploit (cross-site scripting) | High



Naruhisa Tadokoro of Kobe Digital Labo Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.

Other Information

CVE: CVE-2010-1333
JVN iPedia: JVNDB-2010-000009

Update History