15 matches found
EUVD-2023-36851
Malicious code in bioql PyPI...
CVE-2024-21584
Pleasanter 1.3.49.0 and earlier contains a cross-site scripting vulnerability. If an attacker tricks the user to access the product with a specially crafted URL and perform a specific operation, an arbitrary script may be executed on the web browser of the user...
CVE-2023-32607
Stored cross-site scripting vulnerability in Pleasanter Community Edition and Enterprise Edition 1.3.39.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script...
CVE-2023-32608
Directory traversal vulnerability in Pleasanter Community Edition and Enterprise Edition 1.3.39.2 and earlier versions allows a remote authenticated attacker to alter an arbitrary file on the server...
CVE-2023-30758
Cross-site scripting vulnerability in Pleasanter 1.3.38.1 and earlier allows a remote authenticated attacker to inject an arbitrary script...
CVE-2023-45210
Pleasanter 1.3.47.0 and earlier contains an improper access control vulnerability, which may allow a remote authenticated attacker to view the temporary files uploaded by other users who are not permitted to access...
CVE-2023-34439
Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser...
CVE-2023-34439
Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser...
CVE-2023-45210
Pleasanter 1.3.47.0 and earlier contains an improper access control vulnerability, which may allow a remote authenticated attacker to view the temporary files uploaded by other users who are not permitted to access...
Pleasanter Security Vulnerability
Pleasanter is a free OSS no-code/low-code development tool from Pleasanter, Inc. A security vulnerability exists in Pleasanter 1.3.47.0 and prior versions, which originates from a vulnerability that could allow an authenticated, remote attacker to view temporary files uploaded by a user who does...
Pleasanter Security Vulnerability
Pleasanter is a free OSS no-code/low-code development tool from Pleasanter, Inc. A security vulnerability exists in Pleasanter 1.3.47.0 and earlier versions that stems from the presence of an open redirection vulnerability. An attacker can exploit the vulnerability to redirect users to arbitrary...
CVE-2023-32608
Directory traversal vulnerability in Pleasanter Community Edition and Enterprise Edition 1.3.39.2 and earlier versions allows a remote authenticated attacker to alter an arbitrary file on the server...
CVE-2023-32607
Stored cross-site scripting vulnerability in Pleasanter Community Edition and Enterprise Edition 1.3.39.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script...
PT-2023-23908 · Unknown · Pleasanter
Name of the Vulnerable Software and Affected Versions: Pleasanter versions 1.3.39.2 and earlier Description: A directory traversal issue allows a remote authenticated attacker to alter an arbitrary file on the server. Recommendations: For versions 1.3.39.2 and earlier, update to a version later...
Pleasanter vulnerable to cross-site scripting
Overview Pleasanter provided by Implem Inc. contains a cross-site scripting vulnerability CWE-79. Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to Implem Inc. and Implem Inc. reported it to IPA. JPCERT/CC and Implem Inc. coordinated under the Information Security...