Published: 2017/04/11  Last Updated: 2017/04/11

Information from UCHIDA YOKO CO., LTD.

Vulnerability ID:JVN#82019695
Title:ASSETBASE vulnerable to cross-site scripting
Status:Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

Some web browsers have a function of countermeasures against cross site scripting (XSS), which can reduce the effect of vulnerability.

There is XSS countermeasure in the next browser.
Microsoft Edge
Google Chrome
Safari
Internet Explorer *

There is no XSS countermeasure in the following browsers.
Mozilla Firefox

* Internet Explorer has XSS filter in the Internet zone enabled by default. However, since the setting of the XSS filter in the local intranet zone is disabled, in an environment where the ASSETBASE server is in the intranet zone, you can reduce the effect of vulnerability by enabling XSS filter.
Settings can be checked and changed on the "Internet Zone" or "Local Intranet" "Level Customization ..." in "Security" tab of "Internet Options".
Make the setting in the "Enable XSS Filter" checkbox in the "Script" section.

The operation was confirmed with the latest version of the following browser.
Microsoft Edge
Internet Explorer 11
Mozilla Firefox 51
Google Chrome 56
Safari 10