EUVD-2025-35799

Pleasanter contains a stored cross-site scripting vulnerability in Preview for Attachments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser...

CVE-2023-22654

Client-side enforcement of server-side security issue exists in T Corporation and ESPEC MIC CORP. data logger products, which may lead to an arbitrary script execution on a logged-in user's web browser. Affected products and versions are as follows: T Corporation data logger products TR-71W/72W a...

Alfasado PowerCMS Security Vulnerability

Alfasado PowerCMS is a content management system CMS from Alfasado Japan. A security vulnerability exists in Alfasado PowerCMS, which originates from a stored cross-site scripting XSS vulnerability. The vulnerability can be exploited by an attacker to execute arbitrary script in a logged-in user'...

A.K.I Software PMailServer Security Vulnerability

A.K.I Software PMailServer is an email server from A.K.I Software, Japan. A security vulnerability exists in A.K.I Software PMailServer and PMailServer2, which stems from a stored cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary script on a logged-in...

CVE-2023-22654

Client-side enforcement of server-side security issue exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may lead to an arbitrary script execution on a logged-in user's web browser. Affected products and versions are as follows: T&D Corporation data logger products TR-71W/7...

Cybozu Garoon 跨站脚本漏洞

Cybozu Garoon is a portal-based OA office system from Cybozu Japan. A cross-site scripting vulnerability exists in some of the email functions in Cybozu Garoon. An attacker can use this vulnerability to execute arbitrary scripts on a logged-in user's Web browser...

Movable Type Premium vulnerable to cross-site scripting

Overview Movable Type Premium provided by Six Apart Ltd. contains a cross-site scripting vulnerability CWE-79. Six Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning...

WordPress plugin "BackupGuard" vulnerable to cross-site scripting

Overview The WordPress plugin "BackupGuard" provided by BackupGuard contains a reflected cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary scri...

Cybozu Office vulnerable to cross-site scripting

Overview Cybozu Office contains a cross-site scripting vulnerability. Cybozu Office is a groupware. Cybozu Office contains a cross-site scripting vulnerability due to issues contained in the address book and user list functions. NetAgent Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC...