CVE-2008-3739

Properties

Published:
26.08.2008
Updated:
29.08.2008
Patch available:
Severity:
Medium
CVSS vector:
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Product:
spacetag: lacoodast

Vulnerability description

Cross-site scripting (XSS) vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving upload of files containing XSS sequences.

References:

http://jvn.jp/en/jp/JVN52557009/index.html: http://jvn.jp/en/jp/JVN52557009/index.html
http://wiz.syscon.co.jp/Details.htm: http://wiz.syscon.co.jp/Details.htm
http://www.spacetag.jp/modules/products/index.php?id=54: http://www.spacetag.jp/modules/products/index.php?id=54
BID: http://www.securityfocus.com/bid/30791
SECUNIA: http://secunia.com/advisories/31574
SECUNIA: http://secunia.com/advisories/31582
XF: http://xforce.iss.net/xforce/xfdb/44593