JVN#89497739
Meneame cross-site scripting vulnerability
Overview
Meneame, an open source social bookmark system, contains a cross-site scripting vulnerability.
Products Affected
- Meneame Version 1
Description
Meneame, an open-source web application to build social bookmark systems, contains a cross-site scripting vulnerability, as it does not properly handle output data.
Impact
A remote attacker could execute an arbitrary script on the user's web browser. As a result, an attacker could possibly conduct a phishing attack by creating a malicious website.
Solution
Upgrade the Software
Upgrade to Meneame version 2 released by the vendor.
Vendor Status
| Vendor | Link |
|---|---|
| Meneame | http://svn.meneame.net/index.cgi/branches/version2/ |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2007.06.04
| Measures | Conditions | Severity |
|---|---|---|
| Access Required | Routed - can be attacked over the Internet using packets | |
| Authentication | None - anonymous or no authentication (IP addresses do not count) | |
| User Interaction Required | Simple - the user must be convinced to take a standard action that does not feel harmful to most users, such as click on a link or view a file | |
| Exploit Complexity | Low - little to no expertise and/or luck required to exploit (cross-site scripting) | |
Credit
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | |
| JVN iPedia | JVNDB-2007-000429 |