Cross-Site Scripting Flaw in Hitachi Web Page Generator
CVE-2004-2497

Currently unrated

Key Information:

Vendor: Hitachi
Status: Web Page Generator Enterprise; Web Page Generator
Vendor: CVE Published:; 31 December 2004

Summary

A cross-site scripting vulnerability exists in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier. When the default error template is employed and the debug mode is active, this flaw enables remote attackers to inject arbitrary web scripts or HTML. The issue affects systems that have not taken steps to secure their error-handling mechanisms, potentially leading to unauthorized access and manipulation of content.

References

http://www.securityfocus.com/bid/10818

vdb-entryx_refsource_BID

http://secunia.com/advisories/12150

third-party-advisoryx_refsource_SECUNIA

http://www.osvdb.org/8264

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability Reserved
Oct 25, 2005
Vulnerability published
Dec 31, 2004