Description
Cross-site scripting (XSS) vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
Product(s):
- Hitachi Web Page Generator 01_00
- Hitachi Web Page Generator 01_01_c
- Hitachi Web Page Generator 02_00
- Hitachi Web Page Generator 02_00_c
- Hitachi Web Page Generator Enterprise 03_00
- Hitachi Web Page Generator Enterprise 03_02_c
- Hitachi Web Page Generator Enterprise 03_03
- Hitachi Web Page Generator Enterprise 03_03_c
- Hitachi Web Page Generator Enterprise 03_03_d
- Hitachi Web Page Generator Enterprise 04_00
- Hitachi Web Page Generator Enterprise 04_00_C
- Hitachi Web Page Generator Enterprise 04_01
- Hitachi Web Page Generator Enterprise 04_01_B
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-2497, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-2497 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.