ID

VAR-201002-0400


TITLE

Hitachi Multiple Products Unspecified Cross-Site Scripting Vulnerability

Trust: 0.3

sources: BID: 38429

DESCRIPTION

Multiple Hitachi products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

TITLE: Hitachi Cosminexus Products uCosminexus Portal Framework Cross-Site Scripting

SECUNIA ADVISORY ID: SA38737

VERIFY ADVISORY: http://secunia.com/advisories/38737/

DESCRIPTION: A vulnerability has been reported in Hitachi products, which can be exploited by malicious people to conduct cross-site scripting attacks. Unspecified input passed to the "uCosminexus Portal Framework" and "uCosminexus Portal Framework - Light" component is not properly sanitised before being returned to the user. Please see the vendor's advisory for a list of affected products and versions.

SOLUTION: Please see the vendor's advisory for fix information.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-001/index.html

Trust: 0.36

sources: BID: 38429 // PACKETSTORM: 86740

AFFECTED PRODUCTS

vendor: hitachi, model: ucosminexus portal framework light, scope: eq, version: -0

Trust: 0.3

vendor: hitachi, model: ucosminexus portal framework, scope: eq, version: 0

Trust: 0.3

vendor: hitachi, model: ucosminexus navigation platform authoring license, scope: eq, version: 0

Trust: 0.3

vendor: hitachi, model: ucosminexus navigation platform user license, scope: eq, version: -0

Trust: 0.3

vendor: hitachi, model: ucosminexus navigation platform, scope: eq, version: 0

Trust: 0.3

vendor: hitachi, model: ucosminexus navigation developer, scope: eq, version: 0

Trust: 0.3

vendor: hitachi, model: ucosminexus electronic form workflow quickstart ed, scope: eq, version: 0

Trust: 0.3

vendor: hitachi, model: ucosminexus electronic form workflow hirdb, scope: eq, version: 0

Trust: 0.3

vendor: hitachi, model: ucosminexus content manager, scope: eq, version: 0

Trust: 0.3

vendor: hitachi, model: ucosminexus collaboration portal forum/file share, scope: eq, version: 0

Trust: 0.3

vendor: hitachi, model: ucosminexus collaboration portal, scope: eq, version: 0

Trust: 0.3

vendor: hitachi, model: jp1/integrated management service support, scope: eq, version: -0

Trust: 0.3

vendor: hitachi, model: groupmax collaboration web client forum/file share, scope: eq, version: 0

Trust: 0.3

vendor: hitachi, model: groupmax collaboration web client mail/schedule, scope: eq, version: -0

Trust: 0.3

vendor: hitachi, model: groupmax collaboration portal, scope: eq, version: 0

Trust: 0.3

vendor: hitachi, model: electronic form workflow set, scope: eq, version: 0

Trust: 0.3

vendor: hitachi, model: electronic form workflow developer set, scope: eq, version: 0

Trust: 0.3

vendor: hitachi, model: cosminexus portal framework light, scope: eq, version: -0

Trust: 0.3

vendor: hitachi, model: cosminexus portal framework, scope: eq, version: 0

Trust: 0.3

vendor: hitachi, model: cosminexus collaboration portal forum/file share, scope: eq, version: -0

Trust: 0.3

vendor: hitachi, model: cosminexus collaboration portal, scope: eq, version: 0

Trust: 0.3

sources: BID: 38429

THREAT TYPE

network

Trust: 0.3

sources: BID: 38429

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 38429

EXTERNAL IDS

db: HITACHI, id: HS10-001

Trust: 0.4

db: BID, id: 38429

Trust: 0.3

db: SECUNIA, id: 38737

Trust: 0.2

db: PACKETSTORM, id: 86740

Trust: 0.1

sources: BID: 38429 // PACKETSTORM: 86740

REFERENCES

url:http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs10-001/index.html

Trust: 0.4

url:http://www.hds.com/products/storage-software/hitachi-device-manager.html

Trust: 0.3

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/38737/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: BID: 38429 // PACKETSTORM: 86740

CREDITS

The vendor disclosed this issue.

Trust: 0.3

sources: BID: 38429

SOURCES

db: BID, id: 38429
db: PACKETSTORM, id: 86740

LAST UPDATE DATE

2022-05-17T02:04:53.431000+00:00


SOURCES UPDATE DATE

db: BID, id: 38429, date: 2010-02-26T00:00:00

SOURCES RELEASE DATE

db: BID, id: 38429, date: 2010-02-26T00:00:00
db: PACKETSTORM, id: 86740, date: 2010-02-26T16:07:21