Published:2005/12/05 Last Updated:2008/05/21
JVN#76357668
MitakeSearch cross-site scripting vulnerability
Overview
MitakeSearch, a fulltext search system from Hewlett-Packard Japan, contains a cross-site scripting vulnerability due to improper validation of input character strings in the ranking CGI script file, ranking.pl.
Products Affected
- MitakeSearch V4.2
Description
Impact
A malicious script may be executed on the user's web browser.
Solution
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| Hewlett-Packard Japan, Ltd. | Vulnerable | 2005/12/05 |
References
JPCERT/CC Addendum
Credit
Eiji James Yoshida of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | |
| JVN iPedia |
JVNDB-2005-000798 |