Published: 2005/09/01 Last Updated: 2008/05/21
JVN#97422426
Hyper NIKKI System cross-site request forgery vulnerability
Overview
Hyper NIKKI System (hns), a weblog system from the Hyper NIKKI System Project, contains a cross-site request forgery (CSRF) vulnerability.
Products Affected
It is affected only when webif is used in the direct mode.
- hns-2.10-pl3
- hns-2.19.5 (hns-lite-2.19.5)
Description
Impact
If a weblog administrator accesses a malicious web page, an attacker could add, alter, or delete the weblog text.
If the weblog text is successfully altered, the attacker could perform a cross-site scripting attack to steal cookie information of weblog readers (including the weblog administrator) issued by Hyper NIKKI System.
An attacker could impersonate a user by stealing the cookie information.
Solution
References
JPCERT/CC Addendum
Credit
Other Information
JVN iPedia: JVNDB-2005-000789