TITLE:
Hitachi Products Cross-Site Scripting and Denial of Service

SECUNIA ADVISORY ID:
SA17634

VERIFY ADVISORY:
http://secunia.com/advisories/17634/

CRITICAL:
Moderately critical

IMPACT:
Cross Site Scripting, DoS

WHERE:
From remote

SOFTWARE:
Cosminexus 6.x
http://secunia.com/product/5795/
Groupmax Collaboration Portal 6.x
http://secunia.com/product/6162/
Groupmax Collaboration Web Client 7.x
http://secunia.com/product/6161/

DESCRIPTION:
Some vulnerabilities have been reported in various Hitachi products, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).

1) Some unspecified input passed to Collaboration Schedule and Collaboration Calendar isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) An unspecified error in the request handling can be exploited to cause a DoS by sending multiple invalid requests to the Collaboration Schedule.

The following products are affected:
* Groupmax Collaboration Portal
* Groupmax Collaboration Web Client - Forum/File Sharing
* Cosminexus Collaboration Portal
* Cosminexus Collaboration Portal - Forum/File Sharing

SOLUTION:
Fixes are available (see patch matrix):
http://www.hitachi-support.com/security_e/vuls_e/HS05-023_e/01-e.html

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

ORIGINAL ADVISORY:
http://www.hitachi-support.com/security_e/vuls_e/HS05-023_e/index-e.html