Cogent OPC DataHub And Cascade DataHub XSS And CRLF Vulnerabilities Network Vulnerability

Summary

This host is installed with OPC DataHub or Cascade DataHub and is prone to cross site scripting and CRLF vulnerabilities.

Impact

Successful exploitation could allow remote attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Impact Level: Application.

Solution

Upgrade to the OPC DataHub version 7.2 0r later Upgrade to the Cascade DataHub version 7.2 0r later For updates refer to http://www.cogentdatahub.com/index.html

Insight

The flaws are due to unspecified errors in the applications, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected

OPC DataHub version 6.4.20 and prior Cascade DataHub version 6.4.20 and prior

References

http://jvn.jp/en/jp/JVN12983784/index.html
http://jvn.jp/en/jp/JVN63249231/index.html
http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000001.html
http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000002.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0309, CVE-2012-0310

CVSS	Base Score: 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P

Related Vulnerabilities

Adobe Reader 'SWF' Information Disclosure Vulnerability (Windows)
Adobe Reader Information Disclosure Vulnerability Jun05 (Mac OS X)
Apple Safari 'Webkit' Information Disclosure Vulnerability (Mac OS X)
Adobe Products Unspecified Cross-Site Scripting Vulnerability June-2011 (Windows)
Adobe Reader Information Disclosure & Code Execution Vulnerabilities (Linux)

Cogent OPC DataHub and Cascade DataHub XSS and CRLF Vulnerabilities

Take action and discover your vulnerabilities