NOAH releases prior to v3.2.2 contain a flaw that could allow a remote cross-site scripting attack.
This flaw existed because of inadequate input data validation which has subsequently been corrected on releases v3.2.2 and later.
This flaw could allow a user to create a specially crafted URL that could execute arbitrary code in a user's browser, within the trust relationship between browser and server, leading to a loss of integrity.
Users are strongly advised to update NOAH to release v3.2.2 or above.
Copyright © 2004-2008 Nordicwind Inc. All rights reserved. | Legal Statement | Privacy |