Cross-Site Scripting Vulnerabilities in Hitachi Web Server and Cosminexus Products
CVE-2007-0514

Currently unrated

Key Information:

Vendor: Hitachi
Status: Hitachi Web Server; Ucosminexus Developer Standard; Cosminexus Developer Standard Version 6; Cosminexus Server - Web Edition
Vendor: CVE Published:; 26 January 2007

Summary

Multiple cross-site scripting (XSS) vulnerabilities exist in Hitachi Web Server, uCosminexus, and Cosminexus products prior to the 20070124 update. These vulnerabilities enable remote attackers to inject arbitrary web scripts or HTML through malicious HTTP Expect headers or image maps. Exploitation of these weaknesses may lead to unauthorized access and manipulation of web content, posing significant security risks.

References

http://osvdb.org/32998

vdb-entryx_refsource_OSVDB

http://secunia.com/advisories/23843

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2007/0326

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Jan 26, 2007
Vulnerability Reserved
Jan 25, 2007