|
|
|
View Notes By
|
|
|
|
Other Documents
|
|
|
|
|
Hummingbird Information for VU#488684
| Date Notified | 09/17/2003 |
| Date Modified | 10/14/2003 02:49:49 PM |
| Status Summary | Vulnerable |
Vendor StatementCyberDOCS - Potential to Embed Scripts That Can Communicate with Other Sites in URL
Problem: In CyberDOCS (versions 3.5.1, 3.9, and 4.0), the application does not escape certain URL/POST page query parameters before embedding them in the HTML output. This allows users the potential ability to insert scripts that can be written to communicate with other sites.
Resolution: This issue is resolved in CyberDOCS 4.0 Patch 4, which can be downloaded from Hummingbird's website at the following location:
<http://www.hummingbird.com/support/dkm/supportservices/Cyberdocs.html>
Reference: SD017079US-CERT AddendumThe CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
 |