製品・ソフトウェアに関する情報

JVN脆弱性詳細

MHonArc の lib/mhtxthtml.pl におけるクロスサイトスクリプティングの脆弱性

Title	MHonArc の lib/mhtxthtml.pl におけるクロスサイトスクリプティングの脆弱性
Summary	MHonArc の lib/mhtxthtml.pl には、クロスサイトスクリプティングの脆弱性が存在します。
Possible impacts	第三者により、SCRIPT 要素に対する不正な形式の開始タグと終了タグを介して、任意の Web スクリプトまたは HTML 挿入される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Jan. 3, 2011, midnight
Registration Date	March 27, 2012, 6:42 p.m.
Last Update	March 27, 2012, 6:42 p.m.

Affected System

mhonarc

mhonarc 2.6.16

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-4524	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4524
National Vulnerability Database (NVD)
2	CVE-2010-4524	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4524

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-79	https://jvndb.jvn.jp/ja/cwe/CWE-79.html

ベンダー情報

No	Name	URL
mhonarc
1	Top Page	http://www.mhonarc.org/

Change Log

No	Changed Details	Date of change
0	[2012年03月27日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2010-4524

Summary	Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT element, as demonstrated by <scr<body>ipt> and </scr<body>ipt> sequences.
Publication Date	Jan. 4, 2011, 5 a.m.
Registration Date	Jan. 29, 2021, 11:09 a.m.
Last Update	Nov. 21, 2024, 10:21 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:mhonarc:mhonarc:2.6.16:::::::*

Related information, measures and tools

No	URL	タグ
1	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607693
2	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607693
3	http://lists.mandriva.com/security-announce/2011-01/msg00004.php
4	http://lists.mandriva.com/security-announce/2011-01/msg00004.php
5	http://openwall.com/lists/oss-security/2010/12/21/4	Exploit Patch
6	http://openwall.com/lists/oss-security/2010/12/21/4	Exploit Patch
7	http://openwall.com/lists/oss-security/2010/12/21/7
8	http://openwall.com/lists/oss-security/2010/12/21/7
9	http://openwall.com/lists/oss-security/2010/12/22/4	Exploit Patch
10	http://openwall.com/lists/oss-security/2010/12/22/4	Exploit Patch
11	http://openwall.com/lists/oss-security/2010/12/22/5	Patch
12	http://openwall.com/lists/oss-security/2010/12/22/5	Patch
13	http://savannah.nongnu.org/bugs/?32013
14	http://savannah.nongnu.org/bugs/?32013
15	http://secunia.com/advisories/42694
16	http://secunia.com/advisories/42694
17	http://www.mail-archive.com/mhonarc-dev%40mhonarc.org/msg01296.html
18	http://www.mail-archive.com/mhonarc-dev%40mhonarc.org/msg01296.html
19	http://www.securityfocus.com/bid/45528
20	http://www.securityfocus.com/bid/45528
21	http://www.vupen.com/english/advisories/2010/3344	Vendor Advisory
22	http://www.vupen.com/english/advisories/2010/3344	Vendor Advisory
23	http://www.vupen.com/english/advisories/2011/0067
24	http://www.vupen.com/english/advisories/2011/0067
25	https://bugzilla.redhat.com/show_bug.cgi?id=664718	Exploit Patch
26	https://bugzilla.redhat.com/show_bug.cgi?id=664718	Exploit Patch

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html