JVN#53267766
MyNETS cross-site scripting vulnerability
Overview
MyNETS, an open source SNS software, contains a cross-site scripting vulnerability.
Products Affected
- MyNETS Ver1.2.0 and earlier
Description
MyNETS from Usagi Project is an open source SNS (Social Networking Service) software. MyNETS contains a cross-site scripting vulnerability.
Impact
If a user views a specially crafted web page, an arbitrary script may be executed on the user's web browser. As a result, user information may be disclosed or a user may be directed to an unintended site.
Solution
Update the Software
Update to the latest version according to the information provided by the developers.
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2008.10.20
Measures | Conditions | Severity |
---|---|---|
Access Required | Routed - can be attacked over the Internet using packets |
|
Authentication | Limited - self-registration, perhaps valid e-mail |
|
User Interaction Required | Simple - the user must be convinced to take a standard action that does not feel harmful to most users, such as click on a link or view a file |
|
Exploit Complexity | Low - little to no expertise and/or luck required to exploit (cross-site scripting) |
|
Credit
Other Information
JPCERT Alert | |
JPCERT Reports | |
CERT Advisory | |
CPNI Advisory | |
TRnotes | |
CVE |
CVE-2008-4629 |
JVN iPedia |
JVNDB-2008-000071 |