Published:2005/09/22 Last Updated:2008/05/21
JVN#79925E6F
Cross-site scripting vulnerability in the Unicode version of msearch
Overview
The Unicode version of msearch, a full text search engine for websites, contains a cross-site scripting vulnerability. This problem is caused by a function added to the Unicode version of msearch.
Products Affected
- Unicode version of msearch: version 1.51 (U1) (including the beta version) and 1.52 (U1)
Description
Impact
A malicious script may be executed on the user's web browser.
Solution
References
JPCERT/CC Addendum
Credit
Tomoki Sanaki of International Network Security, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
Other Information
JPCERT Alert | |
JPCERT Reports | |
CERT Advisory | |
CPNI Advisory | |
TRnotes | |
CVE |
CVE-2005-2339 |
JVN iPedia |
JVNDB-2005-000791 |