Published:2005/09/22  Last Updated:2008/05/21

JVN#79925E6F
Cross-site scripting vulnerability in the Unicode version of msearch

Overview

The Unicode version of msearch, a full text search engine for websites, contains a cross-site scripting vulnerability. This problem is caused by a function added to the Unicode version of msearch.

Products Affected

  • Unicode version of msearch: version 1.51 (U1) (including the beta version) and 1.52 (U1)

Description

Impact

A malicious script may be executed on the user's web browser.

Solution

Vendor Status

Vendor Status Last Update Vendor Notes
Unicode msearch Vulnerable 2005/09/22

References

JPCERT/CC Addendum

Credit

Tomoki Sanaki of International Network Security, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2005-2339
JVN iPedia JVNDB-2005-000791

Update History