From this webpage screenshot, the following key information about the vulnerability can be obtained: ID: JVN#57036470 Vulnerability Name: Cross-site scripting vulnerability in leger (free edition) Overview leger (free edition) from 'AD2000' contains a cross-site scripting vulnerability. Products Affected leger (free edition) version released on May 22, 2009 (Ver.1.6.4) and earlier versions are affected. Description leger (free edition) from 'AD2000' is software for managing meeting room reservations. The free edition contains a cross-site scripting vulnerability. Impact Arbitrary scripts may be executed in the user’s web browser. Solution Update the software: Upgrade to the latest version as provided by the vendor. Vendor Status Vendor: AD2000 References JPCERT/CC Supplement: The vendor reported that Ver. 1.6.4, released on May 22, 2009, did not fix this vulnerability. The vulnerability was resolved in Ver. 1.6.5, released on May 26, 2009. For more information, please refer to the vendor’s website. Vulnerability Analysis by JPCERT/CC Analysis Date: 2009.05.22 Credit Vulnerability Reporter: Tsuyoshi Ishibashi of Mitsui Bussan Secure Directions, Inc. JPCERT/CC coordinated with the vendor under the Information Security Early Warning Partners Program. Other Information CVE: CVE-2009-2240 JVNDB: JVNDB-2009-000031