[原文]Cross-site scripting (XSS) vulnerability in Nokia Electronic Documentation (NED) 5.0 allows remote attackers to execute arbitrary web script and steal cookies via a URL to the docs/ directory that contains the script.
Nokia Electronic Documentation (NED) has been reported prone to a cross-site scripting vulnerability. The issue has been conjectured to present itself due to a lack of sufficient sanitization performed on user supplied data.
A remote attacker may exploit this issue by enticing a target user to follow a malicious link to the affected Nokia Electronic Documentation site, which contains embedded HTML and script code. The attacker-supplied code would potentially be rendered in the user's browser when the link is followed.
It should be noted that although this vulnerability has been reported to affect Nokia Electronic Documentation version 5.0, previous versions might also be affected.
Nokia Electronic Documentation contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate input upon submission to the /docs/ subsystem. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Currently, there are no known upgrades, patches, or workarounds available to
correct this issue.