CVE-2010-3931 Information

Description

Cross-site scripting (XSS) vulnerability in multiple Rocomotion products including P board 1.18 and other versions P forum 1.30 and earlier P up board 1.38 and other versions P diary R 1.13 and earlier P link 1.11 and earlier P link compact 1.04 and earlier pplog 3.31 and earlier pplog2 3.37 and earlier PM bbs 1.07 and earlier PM up bbs 1.08 and earlier and PM forum 1.18 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Reference

http://another.rocomotion.jp/12949466953653.html http://jvn.jp/en/jp/JVN09115481/index.html http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000006.html http://osvdb.org/70495 http://secunia.com/advisories/42957 http://www.securityfocus.com/bid/45838 https://exchange.xforce.ibmcloud.com/vulnerabilities/64745