Published:2013/02/14 Last Updated:2013/02/14
JVN#09223079
imgboard vulnerable to cross-site scripting
Overview
imgboard contains a cross-site scripting vulnerability.
Products Affected
- From imageboard v0.9 (released on July 15, 1998) to versions prior to 1.22R6.1 u (released on December 20, 2011)
- Versions prior to imgboard 2010u (released on December 20, 2011)
Description
imgboard provided by imgboard.com CGI Download Center (formerly 1998 t-club CGI Download Center) is a bulletin board software that supports posting picture files. imgboard contains a cross-site scripting vulnerability.
Impact
An arbitrary script may be executed on the user's web browser.
Solution
Update the Software
Update to the latest version according to the information provided by the developer.
Vendor Status
| Vendor | Link |
| imgboard.com CGI Download Center | imgboard (Japanese only) |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Yuji Tounai of bogus.jp and Saeki Tominaga reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2013-0703 |
| JVN iPedia |
JVNDB-2013-000009 |