Published:2006/11/30  Last Updated:2008/05/21

JVN#08494205
Chama Cargo cross-site scripting vulnerability

Overview

Chama Cargo, a cgi program written in perl for creating shopping websites, contains a cross-site scripting vulnerability.

Products Affected

  • Chama Cargo v4.36 and earlier
For more information, refer to the vendor's website.

Description

Impact

An arbitrary script may be executed on the user's web browser.

Solution

Vendor Status

Vendor Status Last Update Vendor Notes
Chama-Net Vulnerable 2006/11/30

References

JPCERT/CC Addendum

Credit

Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia JVNDB-2006-000803

Update History