Published:2008/08/29  Last Updated:2008/08/29

Blogn vulnerable to cross-site request forgery


Blogn from R-ONE Computer contains a cross-site request forgery vulnerability.

Products Affected

  • Blogn v1.9.7 and earlier


Blogn from R-ONE Computer is software for creating blogs. Blogn contains a cross-site request forgery vulnerability.


Contents created by Blogn may be editted or modified if the logged in user views a malicious web page.


Update the Software
Apply the latest update provided by the vendor.

Vendor Status

Vendor Status Last Update Vendor Notes
Blogn Vulnerable 2008/08/29


JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Analyzed on 2008.08.29

Measures Conditions Severity
Access Required Routed - can be attacked over the Internet using packets
  • High
Authentication None - anonymous or no authentication (IP addresses do not count)
  • High
User Interaction Required Simple - the user must be convinced to take a standard action that does not feel harmful to most users, such as click on a link or view a file
  • Medium
Exploit Complexity Low - little to no expertise and/or luck required to exploit (cross-site scripting)
  • High

Description of each analysis measures


Masako Ohno of NetAgent Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Technology Early Warning Partnership.

Other Information

JPCERT Reports
CERT Advisory
CPNI Advisory
CVE CVE-2008-3885
JVN iPedia JVNDB-2008-000054

Update History