Published:2010/10/05  Last Updated:2010/10/05

Information from NorenzPRO Ltd.

JVN#69191943
Title:AD-EDIT2 vulnerable to cross-site scripting
Status:vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

XSS security hole was found on AD-EDIT before v3.0.8.

[Detail]
Two search program files has XSS security hole.
Please update this product later v3.0.9.

[How to Update on VideoGuidance]
You can update on ControlPanel.

http://adedit.norenz.net/video/index.cgi?pg=0005

[How to File Replace]
You can download forced CGI file on this URL
http://adedit.norenz.net/download/index.cgi?pg=0681

This Package Include Two File(one is for later v3.0.5, another is for before v3.0.4).

Select file and replace below.
/admin/search.cgi
/commons/search.cgi