Published:2006/11/20 Last Updated:2008/05/21
JVN#46244305
eyeOS cross-site scripting vulnerability
Overview
eyeOS, an open source web desktop environment (Web OS), contains a cross-site scripting vulnerability.
This vulnerability has been addressed in eyeOS 0.9.0 and later. Other vulnerabilities are also addressed in the latest version. We recommend that the users upgrade to the latest version provided by the vendor.
Products Affected
- eyeOS version 0.8.10 - 0.8.15
Description
Impact
An arbitrary script may be executed on the user's web browser. Web pages could be spoofed as a result.
Solution
Vendor Status
| Vendor | Link |
| eyeOS |
eyeOS Downloads |
References
JPCERT/CC Addendum
Credit
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | |
| JVN iPedia |
JVNDB-2006-000784 |