MidnightBSD

Advisories for rocomotion

CVE-2010-3931 MEDIUM

Cross-site scripting (XSS) vulnerability in multiple Rocomotion products, including P board 1.18 and other versions, P forum 1.30 and earlier, P up board 1.38 and other versions, P diary R 1.13 and earlier, P link 1.11 and earlier, P link compact 1.04 and earlier, pplog 3.31 and earlier, pplog2 3.37 and earlier, PM bbs 1.07 and earlier, PM up bbs 1.08 and earlier, and PM forum 1.18 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
rocomotion pplog *
rocomotion p_board *
rocomotion pm_forum *
rocomotion p_link_compact *
rocomotion pm_bbs *
rocomotion p_up_board *
rocomotion p_diary_r *
rocomotion p_forum *
rocomotion p_link *
rocomotion pplog_2 *