Details of VAR-200512-0134

ID

VAR-200512-0134

CVE

CVE-2005-4322

TITLE

Hitachi Product Multiple Cross-Site Scripting Vulnerabilities

Trust: 0.6

sources: CNNVD: CNNVD-200512-379

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Cosminexus Collaboration Portal 06-00 through 06-10-/B, Groupmax Collaboration Portal 07-00 through 07-10-/B, and Groupmax Collaboration Web Client 07-00 through 07-10-/A allow remote attackers to inject arbitrary web script or HTML via the (1) Schedule and (2) Calendar components. These are due to a lack of proper sanitization of user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. These may facilitate the theft of cookie-based authentication credentials as well as other attacks. TITLE: Hitachi Products Cross-Site Scripting and Denial of Service SECUNIA ADVISORY ID: SA17634 VERIFY ADVISORY: http://secunia.com/advisories/17634/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting, DoS WHERE: >From remote SOFTWARE: Cosminexus 6.x http://secunia.com/product/5795/ Groupmax Collaboration Portal 6.x http://secunia.com/product/6162/ Groupmax Collaboration Web Client 7.x http://secunia.com/product/6161/ DESCRIPTION: Some vulnerabilities have been reported in various Hitachi products, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service). ORIGINAL ADVISORY: http://www.hitachi-support.com/security_e/vuls_e/HS05-023_e/index-e.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.26

sources: NVD: CVE-2005-4322 // BID: 15498 // PACKETSTORM: 41644

AFFECTED PRODUCTS

vendor:	hitachi	model:	groupmax collaboration portal	scope:	eq	version:	07_00	Trust: 1.6
vendor:	hitachi	model:	cosminexus collaboration portal	scope:	eq	version:	06_00	Trust: 1.6
vendor:	hitachi	model:	groupmax collaboration web client	scope:	eq	version:	07_00	Trust: 1.6
vendor:	hitachi	model:	groupmax collaboration web client	scope:	lte	version:	07_10_a	Trust: 1.0
vendor:	hitachi	model:	cosminexus collaboration portal	scope:	lte	version:	06_10_b	Trust: 1.0
vendor:	hitachi	model:	groupmax collaboration portal	scope:	lte	version:	07_10_b	Trust: 1.0
vendor:	hitachi	model:	groupmax collaboration web client	scope:	eq	version:	07_10_a	Trust: 0.6
vendor:	hitachi	model:	groupmax collaboration portal	scope:	eq	version:	07_10_b	Trust: 0.6
vendor:	hitachi	model:	cosminexus collaboration portal	scope:	eq	version:	06_10_b	Trust: 0.6
vendor:	hitachi	model:	groupmax collaboration web ffs p-2746-e354 07-10-/a	scope:	eq	version:	07-00-	Trust: 0.3
vendor:	hitachi	model:	groupmax collaboration portal p-2646-6354 07-10-/b	scope:	eq	version:	07-00-	Trust: 0.3
vendor:	hitachi	model:	cosminexus collaboration portal p-2443-3d64 06-10-/b	scope:	eq	version:	06-00-	Trust: 0.3
vendor:	hitachi	model:	cosminexus collaboration portal ffs p-2443-3e64 06-10-/a	scope:	eq	version:	06-00-	Trust: 0.3
vendor:	hitachi	model:	groupmax collaboration web ffs p-2746-e354 07-10-/b	scope:	ne	version:	07-00-	Trust: 0.3
vendor:	hitachi	model:	groupmax collaboration portal p-2646-6354 07-10-/c	scope:	ne	version:	07-00-	Trust: 0.3
vendor:	hitachi	model:	cosminexus collaboration portal p-2443-3d64 06-10-/c	scope:	ne	version:	06-00-	Trust: 0.3
vendor:	hitachi	model:	cosminexus collaboration portal ffs p-2443-3e64 06-10-/b	scope:	ne	version:	06-00-	Trust: 0.3

sources: BID: 15498 // CNNVD: CNNVD-200512-379 // NVD: CVE-2005-4322

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-4322
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200512-379
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2005-4322
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

sources: CNNVD: CNNVD-200512-379 // NVD: CVE-2005-4322

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-4322

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200512-379

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 41644 // CNNVD: CNNVD-200512-379

EXTERNAL IDS

db:	HITACHI	id:	HS05-023	Trust: 2.0
db:	BID	id:	15498	Trust: 1.9
db:	SECUNIA	id:	17634	Trust: 1.8
db:	SECTRACK	id:	1015242	Trust: 1.6
db:	SECTRACK	id:	1015241	Trust: 1.6
db:	OSVDB	id:	20969	Trust: 1.6
db:	OSVDB	id:	22126	Trust: 1.6
db:	NVD	id:	CVE-2005-4322	Trust: 1.6
db:	XF	id:	23197	Trust: 0.6
db:	CNNVD	id:	CNNVD-200512-379	Trust: 0.6
db:	PACKETSTORM	id:	41644	Trust: 0.1

sources: BID: 15498 // PACKETSTORM: 41644 // CNNVD: CNNVD-200512-379 // NVD: CVE-2005-4322

REFERENCES

url:	http://www.hitachi-support.com/security_e/vuls_e/hs05-023_e/01-e.html	Trust: 2.0
url:	http://secunia.com/advisories/17634/	Trust: 1.7
url:	http://securitytracker.com/alerts/2005/nov/1015242.html	Trust: 1.6
url:	http://securitytracker.com/alerts/2005/nov/1015241.html	Trust: 1.6
url:	http://www.securityfocus.com/bid/15498	Trust: 1.6
url:	http://www.osvdb.org/22126	Trust: 1.6
url:	http://www.osvdb.org/20969	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/23197	Trust: 1.0
url:	http://xforce.iss.net/xforce/xfdb/23197	Trust: 0.6
url:	http://www.hitachi.co.jp/prod/comp/soft1/global/prod/cosminexus/sol/epf/port_view.html	Trust: 0.3
url:	http://www.hitachi.co.jp/prod/comp/soft1/global/prod/groupmax/index.html	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/5795/	Trust: 0.1
url:	http://www.hitachi-support.com/security_e/vuls_e/hs05-023_e/index-e.html	Trust: 0.1
url:	http://secunia.com/product/6162/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/6161/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: BID: 15498 // PACKETSTORM: 41644 // CNNVD: CNNVD-200512-379 // NVD: CVE-2005-4322

CREDITS

The vendor disclosed these vulnerabilities.

Trust: 0.9

sources: BID: 15498 // CNNVD: CNNVD-200512-379

SOURCES

db:	BID	id:	15498
db:	PACKETSTORM	id:	41644
db:	CNNVD	id:	CNNVD-200512-379
db:	NVD	id:	CVE-2005-4322

LAST UPDATE DATE

2024-08-14T14:22:53.057000+00:00

SOURCES UPDATE DATE

db:	BID	id:	15498	date:	2005-11-18T00:00:00
db:	CNNVD	id:	CNNVD-200512-379	date:	2005-12-19T00:00:00
db:	NVD	id:	CVE-2005-4322	date:	2017-07-20T01:29:13.207

SOURCES RELEASE DATE

db:	BID	id:	15498	date:	2005-11-18T00:00:00
db:	PACKETSTORM	id:	41644	date:	2005-11-19T21:56:12
db:	CNNVD	id:	CNNVD-200512-379	date:	2005-12-17T00:00:00
db:	NVD	id:	CVE-2005-4322	date:	2005-12-17T11:03:00