Hummingbird Information for VU#488684
Hummingbird CyberDOCS contains multiple cross-site scripting vulnerabilities
- Vendor Information Help Date Notified: 17 Sep 2003
- Statement Date:
- Date Updated: 09 Oct 2003
Status
Affected
Vendor Statement
CyberDOCS - Potential to Embed Scripts That Can Communicate with Other Sites in URL
Problem: In CyberDOCS (versions 3.5.1, 3.9, and 4.0), the application does not escape certain URL/POST page query parameters before embedding them in the HTML output. This allows users the potential ability to insert scripts that can be written to communicate with other sites.
Resolution: This issue is resolved in CyberDOCS 4.0 Patch 4, which can be downloaded from Hummingbird's website at the following location:
<http://www.hummingbird.com/support/dkm/supportservices/Cyberdocs.html>
Reference: SD017079
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Vendor References
None
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.