Hummingbird Information for VU#488684
Hummingbird CyberDOCS contains multiple cross-site scripting vulnerabilities
- Vendor Information Help Date Notified: 17 Sep 2003
- Statement Date:
- Date Updated: 09 Oct 2003
CyberDOCS - Potential to Embed Scripts That Can Communicate with Other Sites in URL
Problem: In CyberDOCS (versions 3.5.1, 3.9, and 4.0), the application does not escape certain URL/POST page query parameters before embedding them in the HTML output. This allows users the potential ability to insert scripts that can be written to communicate with other sites.
Resolution: This issue is resolved in CyberDOCS 4.0 Patch 4, which can be downloaded from Hummingbird's website at the following location:
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.