Hummingbird Information for VU#488684

Hummingbird CyberDOCS contains multiple cross-site scripting vulnerabilities

Status

Affected

Vendor Statement

CyberDOCS - Potential to Embed Scripts That Can Communicate with Other Sites in URL

Problem: In CyberDOCS (versions 3.5.1, 3.9, and 4.0), the application does not escape certain URL/POST page query parameters before embedding them in the HTML output. This allows users the potential ability to insert scripts that can be written to communicate with other sites.

Resolution: This issue is resolved in CyberDOCS 4.0 Patch 4, which can be downloaded from Hummingbird's website at the following location:

<http://www.hummingbird.com/support/dkm/supportservices/Cyberdocs.html>

Reference: SD017079

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.