Lucene search
K

6 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/06/12 12:0 a.m.29 views

JVN#19732015: MilkyStep fails to restrict access permissions

MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep fails to restrict access permissions against the management function for user information CWE-284. Impact A non-administrative user may be able to change administrative user credentials. Solution...

6.5CVSS5.9AI score0.012EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/06/09 5:15 a.m.3 views

MilkyStep vulnerable to cross-site scripting

Overview MilkyStep provided by Igreks Inc. contains a cross-site scripting vulnerability. MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a cross-site scripting vulnerability CWE-79. Kusano Kazuhiko reported this vulnerability to IPA...

4.3CVSS6AI score0.01184EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/06/09 12:0 a.m.31 views

JVN#52478686: MilkyStep vulnerable to SQL injection

MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a SQL injection vulnerability CWE-89. Impact An attacker who can access the product may execute an arbitrary SQL command. Solution Update the Software Update to the latest version accordin...

7.5CVSS7.4AI score0.01285EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/06/09 12:0 a.m.36 views

JVN#74280258: MilkyStep fails to restrict access permissions

MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep fails to restrict access permissions CWE-264. Impact A remote attacker may alter product settings. Solution Update the Software Update to the latest version according to the information provided by...

6.4CVSS6.1AI score0.01553EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/06/09 12:0 a.m.32 views

JVN#20879350: MilkyStep vulnerable to cross-site scripting

MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to th...

4.3CVSS5.9AI score0.01184EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/06/09 12:0 a.m.37 views

JVN#12241436: MilkyStep vulnerable to cross-site request forgery

MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the Software Update to...

6.8CVSS6.3AI score0.00656EPSS
Exploits0
Rows per page
Query Builder