Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/07/31 12:0 a.m.59 views

JVN#84959128: FANUC i Series CNC vulnerable to denial-of-service (DoS)

Fanuc i Series CNC provided by FANUC CORPORATION contains a denial-of-service DoS CWE-400 vulnerability. Impact A remote attacker may cause a denial-of-service DoS condition and access to the other devices may be blocked. Solution Update the software or apply the patch The developer states that t...

5.3CVSS5.3AI score0.01949EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/15 12:0 a.m.59 views

JVN#28865183: Insecure DLL Loading issue in multiple Trend Micro products

Multiple products provided by Trend Micro Incorporated contain an insecure DLL loading issue CWE-427. When invoking the installers of other applications while the concerned products are installed to the PC, the DLL placed in the same directory as the the installers of the other applications may b...

7CVSS6.9AI score0.01566EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/02/09 12:0 a.m.59 views

JVN#34207650: Multiple cross-site scripting vulnerabilities in Webmin

Webmin contains multiple cross-site scripting vulnerabilities CWE-79 due to issues in outputting error messages into a HTML page and the function to edit the database. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version...

6.1CVSS6.2AI score0.01739EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/11/30 12:0 a.m.59 views

JVN#25059363: Multiple I-O DATA network camera products multiple vulnerabilities

Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. OS Command injection CWE-78 - CVE-2016-7819 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score: 6.8 CVSS v2|...

9CVSS7.7AI score0.03252EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/01/27 12:0 a.m.59 views

JVN#54686544: HOME SPOT CUBE multiple vulnerabilities

HOME SPOT CUBE provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE contains multiple vulnerabilities listed below. Cross-site scripting - CVE-2016-1136 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.3 CVSS v2|...

7.5CVSS6.7AI score0.01254EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/03/18 12:0 a.m.59 views

JVN#20671901: VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability

The SSH server IPSSH implementation in VxWorks contains a denial-of-service DoS vulnerability due to an issue in the processing authentication requests. Impact Recieiving a specially crafted packet for a public key authentication request may cause the server to hang and SSH access to be unavailab...

10CVSS6.9AI score0.06353EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/08/13 12:0 a.m.59 views

JVN#86832361 Microsoft Windows denial of service (DoS) vulnerability

Microsoft Windows contains a denial of service DoS vulnerability caused by IPv6 packets with malformed extension headers. Impact A remote attacker could possibly cause a denial of service DoS by sending specially crafted IPv6 packets. Solution Update the software Update to the latest version...

7.8CVSS6.3AI score0.61997EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/19 12:0 a.m.58 views

JVN#46892984: Multiple vulnerabilities in Rakuten Casa

Rakuten Casa provided by Rakuten Mobile, Inc. contains multiple vulnerabilities listed below. Use of Hard-coded Credentials CWE-798 - CVE-2022-29525 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N| Base Score: 5.9 CVSS v2| AV:N/AC:M/Au:N/C:C/I:N/A:N| Base...

9.8CVSS8AI score0.02452EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/03/10 12:0 a.m.58 views

JVN#72801744: UNIVERGE WA Series vulnerable to OS command injection

Remote system maintenance feature of UNIVERGE WA series "Local maintenance console/Remote maintenance console/Web based remote console maintenance" contains an OS command injection vulnerability CWE-78. Impact If an attacker who can access the product sends specific character strings or a special...

9.8CVSS9.9AI score0.01386EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/10/28 12:0 a.m.58 views

JVN#33453839: Multiple improper restriction of XML external entity reference (XXE) vulnerabilities in Office Server Document Converter

Office Server Document Converter provided by Antenna House, Inc. contains multiple improper restriction of XML external entity reference XXE vulnerabilities listed below. Improper restriction of XML external entity reference XXE CWE-611 - CVE-2021-20838 Resource exhaustion in the PDF convert...

7.5CVSS7AI score0.01471EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/23 12:0 a.m.58 views

JVN#63066062: WordPress Plugin "WordPress Popular Posts" vulnerable to cross-site scripting

WordPress Plugin "WordPress Popular Posts" provided by Hector Cabrera contains a cross-site scripting vulnerability CWE-79. Impact A user with the administrative privilege may unintentionally execute a script on his/her web browser. Solution Update the plugin Update the plugin according to the...

5.4CVSS5.3AI score0.01442EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/04/27 12:0 a.m.58 views

JVN#97434260: Hot Pepper Gourmet App fails to restrict access permissions

Hot Pepper Gourmet App provided by Recruit Co., Ltd. implements the function to access a requested URL using Custom URL Scheme. This function contains an improper access control vulnerability CWE-284 that may allow the vulnerable App to receive an request from an arbitrary App and execute access...

4.3CVSS4.7AI score0.00869EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/05/29 12:0 a.m.58 views

JVN#20040004: The installer of "FLET'S VIRUS CLEAR Easy Setup & Application Tool" and "FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool" may insecurely invoke an executable file

The installer of "FLET'S VIRUS CLEAR Easy Setup & Application Tool" and "FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION contains an issue with the DLL search path, which may lead to insecurely invoke an executable file CWE-427...

9.3CVSS7.7AI score0.01052EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/05/24 12:0 a.m.58 views

JVN#79301396: Susie plug-in "axpdfium" may insecurely load Dynamic Link Libraries

Susie plug-in "axpdfium" contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user running the program where "axpdfium" is used. Solution Update the plug-in Update the plug-...

9.3CVSS7.6AI score0.00959EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/02 12:0 a.m.58 views

JVN#99312352: WordPress plugin "MTS Simple Booking C" vulnerable to cross-site scripting

The WordPress plugin "MTS Simple Booking C" provided by MT Systems Co., Ltd. contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user who logged-in as an administrator. Solution Update the plugin Update the plugin accordi...

6.1CVSS6AI score0.00776EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/17 12:0 a.m.58 views

JVN#23546631: Installer of Shin Kinkyuji Houkoku Data Nyuryoku Program may insecurely load Dynamic Link Libraries

Installer of Shin Kinkyuji Houkoku Data Nyuryoku Program provided by Agency for Natural Resources and Energy of METI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the use...

9.3CVSS7.6AI score0.01238EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/19 12:0 a.m.58 views

JVN#77412145: SONY Portable Wireless Server WG-C10 fails to restrict access permissions

Portable Wireless Server WG-C10 provided by Sony Corporation fails to restrict access permissions CWE-284. Impact An authenticated attacker may obtain or alter information stored in the external storage connected to product. Solution Apply a Workaround The following workarounds may mitigate the...

9.1CVSS9AI score0.01075EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/10 12:0 a.m.58 views

JVN#81024552: Multiple vulnerabilities in WN-G300R3

WN-G300R3 provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-G300R3 contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2017-2141 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score: 6.8 CVSS v2|...

10CVSS8.5AI score0.03076EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/10/13 12:0 a.m.58 views

JVN#70380788: BASP21 vulnerable to mail header injection

BASP21 provided by B21Soft, Inc. contains a mail header injection vulnerability. Impact The header of an email created by BASP21 to be sent from a web application mail form may be altered by an unauthenticated remote attacker. As a result, an unintended email may be sent or a denial-of-service Do...

6.4CVSS6.6AI score0.01449EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/10/03 12:0 a.m.58 views

JVN#07148816: Multiple access restriction bypass vulnerabilities in Cybozu Office

Cybozu Office contains multiple access restriction bypass vulnerabilities below. Access restriction bypass in the "Project" function - CVE-2016-4867 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N| Base Score: 4.3 CVSS v2| AV:N/AC:L/Au:S/C:P/I:N/A:N| Base...

4.3CVSS4.8AI score0.01366EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/03/01 12:0 a.m.58 views

JVN#31517714: Kingsoft Internet Security 2011 vulnerable to denial-of-service

Kingsoft Internet Security 2011 contains a vulnerability in the device driver, which may result in a denial-of-service DoS. Impact An attacker that can login to the system with the software running may cause a denial-of-service DoS. Solution Update the Software Update to the latest version...

2.1CVSS6AI score0.00387EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/10/19 12:0 a.m.57 views

JVN#28846531: Multiple vulnerabilities in JustSystems products

Multiple products provided by JustSystems Corporation contain multiple vulnerabilities listed below. Use after free CWE-416 - CVE-2023-34366 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L| Base Score: 3.3 CVSS v2| AV:L/AC:M/Au:N/C:N/I:N/A:P| Base Score:...

7.8CVSS8.1AI score0.00678EPSS
Exploits4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/06/09 12:0 a.m.57 views

JVN#28412757: Multiple vulnerabilities in Inaba Denki Sangyo Wi-Fi AP UNIT

Wi-Fi AP UNIT provided by Inaba Denki Sangyo Co., Ltd. contains multiple vulnerabilities listed below. Missing authentication for critical function CWE-306 - CVE-2023-31196 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N| Base Score: 7.5 CVSS v2|...

7.5CVSS8AI score0.01476EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/20 12:0 a.m.57 views

JVN#15317878: Spring Security OAuth (spring-security-oauth2) vulnerable to denial-of-service (DoS)

Spring Security OAuth spring-security-oauth2 provided by VMware, Inc. contains a denial-of-service vulnerability due to uncontrolled resource consumption CWE-400. Note that Spring Security OAuth spring-security-oauth2 is no longer supported, therefore Spring Security has been developed as the...

7.5CVSS6.7AI score0.06001EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/02/22 12:0 a.m.57 views

JVN#67108459: EC-CUBE plugin "Mail Magazine Management Plugin" vulnerable to cross-site request forgery

EC-CUBE plugin "Mail Magazine Management Plugin" provided by EC-CUBE CO.,LTD. contains a cross-site request forgery vulnerability CWE-352. Impact If a user with an administrative privilege views a malicious page while logged in to EC-CUBE which the plugin is installed, Mail Magazine Templates...

4.3CVSS4.6AI score0.00465EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/01/12 12:0 a.m.57 views

JVN#72788165: Multiple vulnerabilities in WordPress Plugin "Quiz And Survey Master"

WordPress Plugin "Quiz And Survey Master" provided by ExpressTech contains multiple vulnerabilities listed below. Cross-site request forgery CWE-352 - CVE-2022-0180 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N| Base Score: 4.3 CVSS v2|...

8.8CVSS6.8AI score0.01277EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/08/02 12:0 a.m.57 views

JVN#54794245: Multiple vulnerabilities in Cybozu Garoon

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-1782 Cross-site scripting vulnerability in Scheduler CWE-79 - CVE-2021-20753 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...

8CVSS6.3AI score0.00993EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/25 12:0 a.m.57 views

JVN#93207949: Click Ranker vulnerable to cross-site scripting

Click Ranker contains a stored cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the web browser of user who accesses a page ranking screen. Impact An arbitrary script may be executed on the web browser of the user who is accessing a website that uses Click...

6.1CVSS6.1AI score0.00756EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/12/18 12:0 a.m.57 views

JVN#10100024: Management software for NEC Storage disk array system vulnerable to improper server certificate verification

Management software for NEC Storage disk array system provided by NEC Corporation is vulnerable to improper server certificate verification CWE-295. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication or alter the communication. Solution Update the...

5.8CVSS5AI score0.00331EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/10/21 12:0 a.m.57 views

JVN#31425618: Multiple vulnerabilities in WordPress Plugin "Simple Download Monitor"

WordPress Plugin "Simple Download Monitor" provided by Tips and Tricks HQ contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2020-5650 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

8.8CVSS7.7AI score0.01487EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/06/12 12:0 a.m.57 views

JVN#92265618: LINE for Windows may insecurely load Dynamic Link Libraries

LINE for Windows provided by LINE Corporation specifies the path to read DLL when launching software. If a user launches LINE for Windows by clicking the specially crafted link prepared by a remote attacker, it may result in insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code...

7.8CVSS7.6AI score0.00796EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/04/27 12:0 a.m.57 views

JVN#85531148: WordPress plugin "Events Manager" vulnerable to cross-site scripting

The WordPress plugin "Events Manager" provided by NetWebLogic contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the...

5.4CVSS5.2AI score0.01517EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/01/22 12:0 a.m.57 views

JVN#26255241: The installer of "FLET'S VIRUS CLEAR Easy Setup & Application Tool" and "FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool" may insecurely load Dynamic Link Libraries

The installer of "FLET'S VIRUS CLEAR Easy Setup & Application Tool" and "FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact...

9.3CVSS7.7AI score0.00912EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/11/30 12:0 a.m.57 views

JVN#78501037: Movable Type plugin A-Member and A-Reserve vulnerable to SQL injection

A-Member and A-Reserve provided by ARK-Web co., ltd. are plugins for Movable Type which provide functions to build a membership website or a reservation website. A-Member and A-Reserve contain SQL injection CWE-89 vulnerability due to the issue in processing cookie values. Impact An attacker who...

9.8CVSS9.7AI score0.01269EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/27 12:0 a.m.57 views

JVN#16136413: Installers of Sony PaSoRi related software may insecurely load Dynamic Link Libraries

PaSoRi provided by Sony Corporation is contactless IC card reader/writer. Installers of PaSoRi driver and other related software for Windows contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with t...

9.3CVSS7.8AI score0.0108EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/02/15 12:0 a.m.57 views

JVN#55489964: Multiple vulnerabilities in Apache Brooklyn

Apache Brooklyn is a framework for modeling, monitoring, and managing applications. Apache Brooklyn contains the following vulnerabilities. It is known that proof-of-concept code to exploit these vulnerabilties exist. Cross-site Scripting Vulnerabilities CWE-79 - CVE-2017-3165 Version| Vector|...

8.8CVSS6.5AI score0.01963EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/10/07 12:0 a.m.57 views

JVN#80157683: SetucoCMS multiple vulnerabilities

SetucoCMS provided by SetucoCMS Project is a content management system CMS. SetucoCMS contains multiple vulnerabilities listed below. Cross-site request forgery - CVE-2016-4891 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...

8.8CVSS7.3AI score0.02136EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/08/15 12:0 a.m.57 views

JVN#48039501: Shutter vulnerable to SQL injection

Shutter provided by tenfourzero is a web package allowing users to share their photos. lib/admin.php in Shutter contains a SQL injection vulnerability. Impact If an administrator views a malicious page while logged in, an arbitrary SQL command may be executed. Solution Uninstall the Software...

7.5CVSS7.4AI score0.01164EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/05/20 12:0 a.m.57 views

JVN#02331156 HP System Management Homepage vulnerable to cross-site scripting

HP System Management Homepage SMH from Hewlett-Packard is a web-based interface that can manage HP servers. SMH contains a cross-site scripting vulnerability. This vulnerability is different from JVN19240523. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the...

4.3CVSS5.8AI score0.02855EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/06/19 12:0 a.m.57 views

JVN#16535199: Apache Tomcat Accept-Language Header Cross-Site Scripting Vulnerability

Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. Apache Tomcat contains a cross-site scripting vulnerability. It occurs when the value of the Accept-Language header sent from a client is non-standard. The developer ha...

2.6CVSS8.7AI score0.19889EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/06/27 12:0 a.m.56 views

JVN#78634340: Multiple vulnerabilities in WAVLINK WL-WN531AX2

WL-WN531AX2 provided by WAVLINK contains multiple vulnerabilities listed below. Client-side enforcement of server-side security CWE-602 - CVE-2023-32612 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score: 6.8 CVSS v2| AV:A/AC:L/Au:S/C:C/I:C/A:C|...

8.1CVSS7.6AI score0.00734EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/08/10 12:0 a.m.56 views

JVN#65388002: WordPress Plugin "Quiz And Survey Master" vulnerable to cross-site scripting

WordPress Plugin "Quiz And Survey Master" provided by ExpressTech contains a cross-site scripting vulnerability CWE-79 due to the flow in handling some URL query parameters. Impact An arbitrary script may be executed on the user's web browser. Solution Update the plugin Update the plugin accordin...

6.1CVSS2.5AI score0.03515EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/04/22 12:0 a.m.56 views

JVN#55833077: yappa-ng vulnerable to cross-site scripting

yappa-ng provided by yet another PHP photo album next generation according to the original report submitted by the reporter is a PHP photo gallery. yappa-ng contains a cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the user's web browser. Impact An...

4.3CVSS6.2AI score0.03722EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/25 12:0 a.m.56 views

JVN#97370614: MagazinegerZ vulnerable to cross-site scripting

MagazinegerZ provided by CGI Script Market is a CGI script which provides a function to enable email newsletter distribution for a website. MagazinegerZ contains a stored cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the web browser of the administrative...

6.1CVSS6.1AI score0.00756EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/12/15 12:0 a.m.56 views

JVN#94169589: Multiple vulnerabilities in GROWI

GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Denial-of-service DoS due to improper verification of input values CWE-400 - CVE-2020-5682 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L| Base Score: 5.3 CVSS v2|...

7.5CVSS7.7AI score0.02982EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/08/11 12:0 a.m.56 views

JVN#46258789: Multiple vulnerabilities in CyberMail

CyberMail contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2020-5540 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base Score: 4.3 Open Redirect CWE-601 -...

6.1CVSS6.7AI score0.01501EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/04/27 12:0 a.m.56 views

JVN#01040170: WordPress plugin "WP Google Map Plugin" vulnerable to cross-site scripting

The WordPress plugin "WP Google Map Plugin" provided by Flipper Code contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by...

5.4CVSS5.3AI score0.01066EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/15 12:0 a.m.56 views

JVN#39896275: The installer of PhishWall Client Firefox and Chrome edition for Windows may insecurely load Dynamic Link Libraries

PhishWall Client Firefox and Chrome edition for Windows provided by SecureBrain Corporation is an anti-phishing and anti-MITB software. The installer of PhishWall Client Firefox and Chrome edition for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic...

7.8CVSS7.6AI score0.00963EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/27 12:0 a.m.56 views

JVN#01312667: Multiple vulnerabilities in I-O DATA WN-AX1167GR

WN-AX1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AX1167GR contains multiple vulnerabilities listed below. Hard-coded credentials CWE-798 - CVE-2017-2280 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2|...

8.8CVSS8.7AI score0.00843EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/26 12:0 a.m.56 views

JVN#01775119: Denshi Nyusatsu Check Tool provided by Ministry of Education, Culture, Sports, Science and Technology may insecurely load Dynamic Link Libraries

Denshi Nyusatsu Check Tool provided by Ministry of Education, Culture, Sports, Science and Technology MEXT contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user running...

9.8CVSS9.4AI score0.01468EPSS
Exploits0
Total number of security vulnerabilities5000