Summary
The host is running tDiary and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Update to version 2.2.3 or later.
For updates refer to http://www.tdiary.org/
Insight
The flaw is due to improper validation of the 'plugin_tb_url' and 'plugin_tb_excerpt' parameters upon submission to the tb-send.rb plugin script.
Affected
tDiary versions prior to 2.2.3
References
Severity
Classification
CVE: CVE-2010-0726
CVSS Base Score: 4.3
CVSS Base Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- 7Media Web Solutions EduTrac Directory Traversal Vulnerability
- Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
- AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
- Apache Tomcat DOS Device Name XSS
- Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities