Published:2006/11/20  Last Updated:2008/05/21

JVN#46244305
eyeOS cross-site scripting vulnerability

Overview

eyeOS, an open source web desktop environment (Web OS), contains a cross-site scripting vulnerability.

This vulnerability has been addressed in eyeOS 0.9.0 and later. Other vulnerabilities are also addressed in the latest version. We recommend that the users upgrade to the latest version provided by the vendor.

Products Affected

  • eyeOS version 0.8.10 - 0.8.15

Description

Impact

An arbitrary script may be executed on the user's web browser. Web pages could be spoofed as a result.

Solution

Vendor Status

Vendor Link
eyeOS eyeOS Downloads

References

JPCERT/CC Addendum

Credit

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia JVNDB-2006-000784

Update History