Cross-Site Scripting Risk in Cosminexus Developer's Kit for Java by Hitachi
CVE-2007-4760

Currently unrated

Key Information:

Vendor: Hitachi
Status: Ucosminexus Service Platform; Ucosminexus Developer Standard; Ucosminexus Application Server Standard; Ucosminexus Application Server Enterprise
Vendor: CVE Published:; 8 September 2007

Summary

The javadoc tool in Hitachi's Cosminexus Developer's Kit for Java versions 7 and 7.5 is susceptible to Cross-Site Scripting (XSS) attacks. This vulnerability enables remote attackers to exploit the application's HTML document generation capabilities, potentially allowing them to insert arbitrary web scripts or HTML content via unspecified vectors. Consequently, this exposure can lead to unauthorized actions taken on behalf of legitimate users and compromise sensitive data.

References

http://www.vupen.com/english/advisories/2007/3033

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/26671

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/36393

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Sep 8, 2007
Vulnerability Reserved
Sep 7, 2007