Hummingbird Affected

Notified: September 18, 2003 Updated: October 09, 2003



Vendor Statement

CyberDOCS - Potential to Embed Scripts That Can Communicate with Other Sites in URL

Problem: In CyberDOCS (versions 3.5.1, 3.9, and 4.0), the application does not escape certain URL/POST page query parameters before embedding them in the HTML output. This allows users the potential ability to insert scripts that can be written to communicate with other sites.

Resolution: This issue is resolved in CyberDOCS 4.0 Patch 4, which can be downloaded from Hummingbird's website at the following location:

Reference: SD017079

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


The CERT/CC has no additional comments at this time.