{"vuid":"VU#889047","idnumber":"889047","name":"Attachmate Reflection for the Web cross site scripting vulnerability","keywords":["Attachmate","Reflection","cross site scripting"],"overview":"Attachmate Reflection for the Web contains a non-persistent cross site scripting vulnerability.","clean_desc":"The following versions of Attachmate's Reflection for the Web products are vulnerable to a non-persistent cross site scripting vulnerability. Reflection for the Web 2008 R2 builds 10.1.569 and earlier\nReflection for the Web 2008 R1\nReflection for the Web 9.6 and earlier\nAdditional details are available in Attachmate's Technical Note 1704.","impact":"An attacker may execute arbitrary script in the security context of the web user. The attacker would need to induce the user to voluntarily interact with the attack mechanism.","resolution":"Apply an update\nAttachmate recommends all users upgrade to Reflection for the Web 2008 R2 build 10.1.570 or higher.","workarounds":"","sysaffected":"","thanks":"Thanks to Ed Munoz of Attachmate for reporting this vulnerability.","author":"This document was written by Jared Allar.","public":["h","t","t","p",":","/","/","s","u","p","p","o","r","t",".","a","t","t","a","c","h","m","a","t","e",".","c","o","m","/","t","e","c","h","d","o","c","s","/","1","7","0","4",".","h","t","m","l"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2010-10-29T18:42:53Z","publicdate":"2010-11-01T00:00:00Z","datefirstpublished":"2010-11-01T12:11:38Z","dateupdated":"2010-11-01T14:26:04Z","revision":13,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"15","cam_exploitation":"1","cam_internetinfrastructure":"4","cam_population":"1","cam_impact":"2","cam_easeofexploitation":"3","cam_attackeraccessrequired":"1","cam_scorecurrent":"0.00225","cam_scorecurrentwidelyknown":"0.0028125","cam_scorecurrentwidelyknownexploited":"0.00495","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.00225,"vulnote":null}