Published:
2024/10/18
Last Updated:
2024/10/18
Information from NEUMANN CO.LTD.
Vulnerability ID:JVN#57285747
Title:N-LINE vulnerable to HTML injection
Status:Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
There was a part of the functionality that could be a target for XSS attacks. In the feature that allows users to comment to administrators, if a malicious user wrote scripts in tag format, there was a possibility that the administrator could unintentionally execute them.
This issue has now been fixed, and comments written in tag format are no longer recognized as scripts. They are displayed as plain text on the administrator side.