Executive Summary
Summary | |
---|---|
Title | Attachmate Reflection for the Web cross site scripting vulnerability |
Informations | |||
---|---|---|---|
Name | VU#889047 | First vendor Publication | 2010-11-01 |
Vendor | VU-CERT | Last vendor Modification | 2010-11-01 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : | |||
---|---|---|---|
Cvss Base Score | N/A | Attack Range | N/A |
Cvss Impact Score | N/A | Attack Complexity | N/A |
Cvss Expoit Score | N/A | Authentication | N/A |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#889047Attachmate Reflection for the Web cross site scripting vulnerabilityOverviewAttachmate Reflection for the Web contains a non-persistent cross site scripting vulnerability.I. DescriptionThe following versions of Attachmate's Reflection for the Web products are vulnerable to a non-persistent cross site scripting vulnerability.
II. ImpactAn attacker may execute arbitrary script in the security context of the web user. The attacker would need to induce the user to voluntarily interact with the attack mechanism.III. SolutionApply an updateAttachmate recommends all users upgrade to Reflection for the Web 2008 R2 build 10.1.570 or higher.
Referenceshttp://support.attachmate.com/techdocs/1704.html Thanks to Ed Munoz of Attachmate for reporting this vulnerability. This document was written by Jared Allar.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/889047 |