Vulnerability Description
Cross-site scripting (XSS) vulnerability in multiple Rocomotion products, including P board 1.18 and other versions, P forum 1.30 and earlier, P up board 1.38 and other versions, P diary R 1.13 and earlier, P link 1.11 and earlier, P link compact 1.04 and earlier, pplog 3.31 and earlier, pplog2 3.37 and earlier, PM bbs 1.07 and earlier, PM up bbs 1.08 and earlier, and PM forum 1.18 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rocomotion | P Board | <= 1.18 |
| Rocomotion | P Diary R | <= 1.13 |
| Rocomotion | P Forum | <= 1.30 |
| Rocomotion | P Link | <= 1.11 |
| Rocomotion | P Link Compact | <= 1.04 |
| Rocomotion | P Up Board | <= 1.38 |
| Rocomotion | Pm Bbs | <= 1.07 |
| Rocomotion | Pm Forum | <= 1.18 |
| Rocomotion | Pplog | <= 3.31 |
| Rocomotion | Pplog 2 | <= 3.37 |
Related Weaknesses (CWE)
References
- http://another.rocomotion.jp/12949466953653.htmlVendor Advisory
- http://jvn.jp/en/jp/JVN09115481/index.htmlThird Party Advisory
- http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000006.htmlThird Party Advisory
- http://osvdb.org/70495Broken Link
- http://secunia.com/advisories/42957Broken Link
- http://www.securityfocus.com/bid/45838Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64745Third Party AdvisoryVDB Entry
- http://another.rocomotion.jp/12949466953653.htmlVendor Advisory
- http://jvn.jp/en/jp/JVN09115481/index.htmlThird Party Advisory
- http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000006.htmlThird Party Advisory
- http://osvdb.org/70495Broken Link
- http://secunia.com/advisories/42957Broken Link
- http://www.securityfocus.com/bid/45838Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64745Third Party AdvisoryVDB Entry
FAQ
What is CVE-2010-3931?
CVE-2010-3931 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in multiple Rocomotion products, including P board 1.18 and other versions, P forum 1.30 and earlier, P up board 1.38 and other versions, P diary R 1.13 and ea...
How severe is CVE-2010-3931?
CVE-2010-3931 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-3931?
Check the references section above for vendor advisories and patch information. Affected products include: Rocomotion P Board, Rocomotion P Diary R, Rocomotion P Forum, Rocomotion P Link, Rocomotion P Link Compact.