Lucene search

Japan Vulnerability NotesJVN:42927215

HistoryMay 21, 2009 - 12:00 a.m.

JVN#42927215 a-News from Appleple vulnerable to cross-site scripting

2009-05-2100:00:00

Japan Vulnerability Notes

jvn.jp

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.003

Percentile

68.2%

JSON

a-News, a web log system from Appleple, contains a cross-site scripting vulnerability.

Note that future releases and maintenance of a-News ended on May 14, 2009. The developer recommends users who wish to continue using a web log system to use a-blog.

Impact

An arbitrary script may be executed on the user’s web browser.

Solution

Do not use a-News
As patches will not be provided, the developer recommends to discontinue the use of a-News and switch to a-blog.

Products Affected

a-News

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.003

Percentile

68.2%

JSON

Related for JVN:42927215