Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/07/18 12:0 a.m.53 views

JVN#49704543 WebProxy from LunarNight Laboratory vulnerable to cross-site scripting

WebProxy is a perl script for web proxy provided by LunarNight Laboratory. WebProxy contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the developer. Products...

4.3CVSS6.1AI score0.02026EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/06/18 12:0 a.m.53 views

JVN#27203006 Internet Explorer vulnerable in MHTML handling

When Internet Explorer accesses a website with the MHTML protocol, Internet Explorer processes the contents as MHTML data, ignoring their actual content types. This behavior may result in executing the scripts embedded in the contents. The MHTML protocol handler is included in the Outlook Express...

4.3CVSS6.1AI score0.2504EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/03/19 12:0 a.m.52 views

JVN#04278547: Multiple vulnerabilities in home gateway HGW-BL1500HM

Home gateway HGW-BL1500HM provided by KDDI CORPORATION contains multiple vulnerabilities listed below. Stored cross-site scripting in the NickName registration screen CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4 CVE-2025-27567 Stored cross-site scripting in the USB storage...

8.8CVSS7.3AI score0.00878EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/11/13 12:0 a.m.52 views

JVN#17806703: Multiple vulnerabilities in Cisco Firepower Management Center Software

Cisco Firepower Management Center Software provided by Cisco Systems contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2023-20219 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score: 6.6 CVSS v2|...

8.8CVSS8.6AI score0.01073EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/31 12:0 a.m.52 views

JVN#60140221: Multiple vulnerabilities in i-PRO VI Web Client

VI Web Client provided by i-PRO Co., Ltd. is Video Insight’s video management software. VI Web Client contains multiple vulnerabilities listed below. Open Redirect CWE-601 - CVE-2023-38574 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N| Base Score: 4.7...

6.1CVSS6.1AI score0.00412EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/07/11 12:0 a.m.52 views

JVN#05223215: Multiple vulnerabilities in multiple ELECOM wireless LAN routers and wireless LAN repeaters

Wireless LAN routers and wireless LAN repeaters provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2023-37560 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

8.8CVSS8AI score0.00827EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/31 12:0 a.m.52 views

JVN#40604023: Multiple vulnerabilities in Seiko Solutions SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210

SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210 provided by Seiko Solutions Inc. contain multiple vulnerabilities listed below. Exposure of sensitive information to an unauthorized actor CWE-200 - CVE-2016-2183 Version| Vector| Score ---|---|--- CVSS v3|...

9.8CVSS8.7AI score0.95707EPSS
Exploits7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/13 12:0 a.m.52 views

JVN#64453490: Android App "Wolt Delivery: Food and more" uses a hard-coded API key for an external service

Android App "Wolt Delivery: Food and more" provided by Wolt uses a hard-coded API key for an external service CWE-798. Impact The hard-coded API key may be retrieved via reverse-engineering the application binary. Note that the application users are not directly affected by this vulnerability...

7.8CVSS7.4AI score0.00161EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/12 12:0 a.m.52 views

JVN#12610194: Django Extract and Trunc functions vulnerable to SQL injection

Django provided by Django Software Foundation is a Web application framework. Extract and Trunc functions of Django used to treat date data contain an SQL injection vulnerability CWE-89. Impact An attacker may execute an arbitrary SQL command. Data in websites built using the product may be alter...

9.8CVSS9.7AI score0.73274EPSS
Exploits3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/12/11 12:0 a.m.52 views

JVN#55917325: Multiple vulnerabilities in Aterm SA3500G

Aterm SA3500G provided by NEC Corporation contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2020-5635 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2| AV:A/AC:L/Au:N/C:P/I:P/A:P| Base Score: 5.8 OS...

8.8CVSS7.7AI score0.01021EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/08/21 12:0 a.m.52 views

JVN#88315581: Multiple cross-site scripting vulnerabilities in Exment

Exment provided by Kajitori Co.,Ltd contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in some input fields CWE-79 - CVE-2020-5619 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4...

5.4CVSS5.8AI score0.00664EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/03/24 12:0 a.m.52 views

JVN#32415420: Multiple vulnerabiliteis in Shihonkanri Plus GOOUT

Shihonkanri Plus GOOUT provided by EKAKIN is a CGI that enables to view data stored in Shihonkanri Plus outside. Shihonkanri Plus GOOUT contains multiple vulnerabilities which allow reading/writing an arbitrary file listed below because of the improper validation of input parameter. Directory...

9.1CVSS9.4AI score0.01935EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/05/22 12:0 a.m.52 views

JVN#52319657: Multiple cross-site scripting vulnerabilities in Cybozu Mailwise

Cybozu Mailwise contains multiple cross-site scripting vulnerabilities below. Stored cross-site scripting vulnerability in "E-mail Details Screen" CWE-79 - CVE-2018-0557 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

6.1CVSS6.4AI score0.00809EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/20 12:0 a.m.52 views

JVN#48823557: Multiple Buffalo wireless LAN access point devices do not properly perform authentication

WAPM-1166D and WAPM-APG600H provided by BUFFALO INC. are wireless LAN access point devices. WAPM-1166D and WAPM-APG600H do not properly perform authentication CWE-287. Impact An attacker who can access the device may log in via telnet without authentication and access the configuration interface ...

10CVSS9.5AI score0.0402EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/06/28 12:0 a.m.52 views

JVN#79451345: Installer of Setup file of advance preparation for e-Tax software (WEB version) may insecurely load Dynamic Link Libraries

Installer of Setup file of advance preparation for e-Tax software WEB version provided by National Tax Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the privilege of the user invoking the...

7.8CVSS7.8AI score0.01109EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/02/10 12:0 a.m.52 views

JVN#40667528: Norton Download Manager may insecurely load Dynamic Link Libraries

Norton Download Manager provided by Symantec Japan, Inc. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the privileges of the user running the application. Solution Use the latest Norton Download...

7.8CVSS7.7AI score0.0096EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/01/27 12:0 a.m.52 views

JVN#77792759: Multiple ASUS wireless LAN routers vulnerable to OS command injection

Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain an OS command injection vulnerability. Impact An arbitrary OS command may be executed by an authenticated attacker. In addition, when this vulnerability is exploited along with the vulnerability stated in JVN32631078, an arbitrary ...

6.5CVSS7AI score0.01911EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/02/10 12:0 a.m.52 views

JVN#14876762: Apache Commons FileUpload vulnerable to denial-of-service (DoS)

Apache Commons FileUpload provided by Apache Software Foundation contains an issue in processing a multi-part request, which may cause the process to be in an infinite loop. As of 2014 February 12, an exploit tool to attack against this vulnerability has been confirmed. Impact Processing a...

7.5CVSS7.2AI score0.83175EPSS
Exploits8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/11/02 12:0 a.m.52 views

JVN#75492883: Pebble vulnerability where entries may become unviewable

Pebble is an open source weblog system. Pebble contains an issue in the processing of comments that are posted on blog entries, which may lead to a vulnerability where blog entries may become unviewable. Impact A specially crafted comment being posted may cause an arbitrary blog entry to become...

6.4CVSS6.3AI score0.01511EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/06/10 12:0 a.m.52 views

JVN#18680611: Java Web Start may insecurely load dynamic libraries

Java Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE Java Runtime Environment Java Web Start contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Impact An attacker may execute arbitrar...

7.6CVSS8.7AI score0.02948EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/03/04 12:0 a.m.52 views

JVN#16308183: IBM DB2 vulnerable to denial-of-service (DoS)

IBM DB2 contains a denial-of-service DoS vulnerability due to an issue in Java Runtime Environment JRE. Impact An attacker that can create or execute stored procedures may cause a denial-of-service DoS. Solution Apply a patch Apply the appropriate patch according to the information provided by th...

5CVSS9.1AI score0.2349EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/10/15 12:0 a.m.52 views

JVN#36921800: K2Editor may insecurely load executable files

K2Editor is a text editor. K2Editor loads certain executables .exe when opening the folder that contains the text file that is being edited. K2Editor contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privileg...

6.9CVSS7.2AI score0.00279EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/04/19 12:0 a.m.52 views

JVN#19445002 APOP password recovery vulnerability

Impact APOP passwords may be compromised. When the same password is used for other systems, those systems could be compromised as well. Solution Products Affected Mail clients with an APOP implementation As this is a protocol issue, software fixes cannot solve the issue essentially. Encrypted...

2.6CVSS8.1AI score0.02423EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/01/24 12:0 a.m.51 views

JVN#93541851: Oracle WebLogic Server vulnerable to HTTP header injection

Oracle WebLogic Server provided by Oracle contains an HTTP header injection vulnerability CWE-113. Impact This vulnerability could be exploited by a remote attacker to conduct a cross-site scripting attack, etc., and as a result, the displayed page may be altered or an arbitrary script may be...

8.6CVSS8.2AI score0.00503EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/11/17 12:0 a.m.51 views

JVN#22220399: Multiple vulnerabilities in CubeCart

CubeCart provided by CubeCart Limited contains multiple vulnerabilities listed below. Cross-site request forgery CWE-352 - CVE-2023-38130 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N| Base Score: 4.3 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N| Base Score: 2.6...

8.1CVSS7.3AI score0.01286EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/03/30 12:0 a.m.51 views

JVN#59576930: Zero-channel BBS Plus vulnerable to cross-site scripting

Zero-channel BBS Plus by Zero-Channel BBS Plus Developers is a bulletin board CGI script. Zero-channel BBS Plus contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing the management screen of the product,...

6.1CVSS6AI score0.00719EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/11/30 12:0 a.m.51 views

JVN#88993473: Multiple vulnerabilities in multiple ELECOM LAN routers

Multiple ELECOM LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Buffer overflow CWE-121 - CVE-2021-20852 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score: 6.8 CVSS v2| AV:A/AC:L/Au:S/C:P/I:P/A:P| Base Score...

8.8CVSS7.6AI score0.00585EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/05/26 12:0 a.m.51 views

JVN#98239374: Zettlr vulnerable to cross-site scripting

Zettlr provided by Hendrik Erz is a Markdown editor. Zettlr contains a cross-site scripting vulnerability CWE-79. Impact If a file or code snippet containing an invalid iframe is loaded into Zettlr, an arbitrary script may be executed on the system where it runs. Solution Update the Software Upda...

6.1CVSS6.1AI score0.01036EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/04/01 12:0 a.m.51 views

JVN#73236007: Archive collectively operation utility vulnerable to directory traversal

Archive collectively operation utility provided by EikiSoft contains a directory traversal vulnerability CWE-22 due to a flaw in the processing of the filenames when extracting from ZIP archives. Impact By expanding a malicious ZIP archive, arbitrary files may be created or overwritten with the...

7.1CVSS6.9AI score0.01001EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/17 12:0 a.m.51 views

JVN#08191557: WordPress plugin "Paid Memberships Pro" vulnerable to SQL injection

WordPress Plugin "Paid Memberships Pro" contains an SQL injection vulnerability CWE-89. Impact An attacker who can access Paid Membership Pro may obtain and/or alter the information stored in the database. Solution Update the plugin Update the plugin according to the information provided by the...

8.8CVSS8.8AI score0.02044EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/07/31 12:0 a.m.51 views

JVN#73169744: Multiple vulnerabilities in multiple PHP Factory products

Multiple products provided by PHP Factory contain multiple vulnerabilities listed below. Cross-site Request Forgery CWE-352 - CVE-2020-5615 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N| Base Score: 4.3 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N| Base Score: 2....

9.8CVSS9.7AI score0.03064EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/05 12:0 a.m.51 views

JVN#71816327: Installer of JTrim may insecurely load Dynamic Link Libraries

Installer of JTrim contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use ZIP file format JTrim When using JTrim, download the ZIP fi...

9.3CVSS7.6AI score0.00925EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/24 12:0 a.m.51 views

JVN#17523256: Installer of Tween may insecurely load Dynamic Link Libraries

Tween is a twitter client application. Installer of Tween contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest installer...

9.3CVSS7.7AI score0.0108EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/12/17 12:0 a.m.51 views

JVN#64636058: WinRAR may insecurely load executable files

WinRAR contains a function where user specified files on the local disk can be executed. When this file does not have a file extension, a file of the same name with a file extension contained in the same folder may be executed by WinRAR instead of the user specified file. WinRAR also contains a...

7.4CVSS7.2AI score0.00914EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/11/13 12:0 a.m.51 views

JVN#56210048: Apple OS X authentication issue when recovering from sleep mode

Apple OS X contains an issue with authentication when recovering from sleep mode. This issue exists due to a flaw in the the processing of the text entered in the dialog box upon recovering from sleep mode. Impact When Apple Remote Desktop is used in full screen mode and the remote connection is...

3.7CVSS6.5AI score0.00335EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/09/29 12:0 a.m.51 views

JVN#21612597: Apache Cordova plugin cordova-plugin-file-transfer vulnerable to HTTP header injection

cordova-plugin-file-transfer, a plugin for Apache Cordova provided by the Apache Software Foundation, provides functionality to upload and download files in applications created by Apache Cordova. It also provides functionality to add HTTP headers. Android applications that use...

4.3CVSS6.5AI score0.0343EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/02/21 12:0 a.m.51 views

JVN#33382534: AutoCAD vulnerable to arbitrary VBScript execution

AutoCAD provided by Autodesk, Inc. is an application for comuputer-aided design CAD. AutoCAD loads specific FAS files when opening files. AutoCAD contains an issue with the FAS file search path, which may lead to arbitrary VBScript code execution. Impact Arbitrary VBScript code may be executed wi...

7.5CVSS6.5AI score0.02493EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/09/06 12:0 a.m.51 views

JVN#19847770: VMware ESX and ESXi vulnerable to buffer overflow

VMware ESX and ESXi contains a buffer overflow vulnerability. Impact A remote attacker may cause a denial-of-service DoS or execute arbitrary code. Solution Apply an Update Apply the latest update for the version of the software being used. Products Affected VMware ESXi 5.0 without patch...

7.5CVSS7.7AI score0.03092EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/02/08 12:0 a.m.51 views

JVN#95863326: Cybozu Garoon vulnerable to cross-site scripting

Cybozu Garoon provided by Cybozu is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser when the user is assigned the "logging" permission. Solution Update the Software Update to the latest version accordin...

4.3CVSS5.9AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/02/15 12:0 a.m.51 views

JVN#35256978: cforms II vulnerable to cross-site scripting

cforms II provided by delicious days is a plugin for WordPress. cforms II contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the...

4.3CVSS5.6AI score0.04285EPSS
Exploits3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/12/15 12:0 a.m.51 views

JVN#21120853: Internet Explorer vulnerable to cross-site scripting

Microsoft Internet Explorer contains a vulnerability in handling specific EUC-JP or ShiftJIS encoded characters, which may result in cross-site scripting. Impact An arbitrary script may be executed. Solution Update the Software Apply the latest update according to the information provided by...

4.3CVSS5.9AI score0.13615EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/06/09 12:0 a.m.51 views

JVN#63832775: Apache Tomcat information disclosure vulnerability

Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. Apache Tomcat contains a vulnerability which may allow information disclosure or access to the contents contained in the WEB-INF directory. Impact A remote attacker cou...

5CVSS5AI score0.18685EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/11/20 12:0 a.m.50 views

JVN#15005948: Multiple vulnerabilities in LuxCal Web Calendar

LuxCal Web Calendar provided by LuxSoft contains multiple vulnerabilities listed below. SQL injection CWE-89 - CVE-2023-46700 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L| Base Score: 7.3 CVSS v2| AV:N/AC:L/Au:N/C:P/I:P/A:P| Base Score: 7.5 Cross-site...

9.8CVSS8AI score0.0103EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/25 12:0 a.m.50 views

JVN#53682526: Multiple cross-site scripting vulnerabilities in baserCMS

baserCMS provided by baserCMS Users Community contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in User management CWE-79 - CVE-2022-39325 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N| Base...

6.1CVSS5.5AI score0.00586EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/08/24 12:0 a.m.50 views

JVN#46239102: Multiple vulnerabilities in Exment

Exment provided by Kajitori Co.,Ltd contains multiple vulnerabilities listed below. Reflected cross-site scripting CWE-79 - CVE-2022-38080 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2| AV:N/AC:H/Au:S/C:N/I:P/A:N| Base Score: 2.1...

8.8CVSS6.8AI score0.0119EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/03/15 12:0 a.m.50 views

JVN#87751554: Multiple vulnerabilities in pfSense

pfSense software provided by Netgate contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2021-20729 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base Score: 4.3 Improper...

8.8CVSS8.3AI score0.04229EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/09/23 12:0 a.m.50 views

JVN#60093979: Multiple vulnerabilities in Active Update function implemented in multiple Trend Micro products

Active Update function implemented in Premium Security 2019 for Windows v15, Maximum Security 2019 for Windows v15, Internet Security 2019 for Windows v15 and Antivirus+ 2019 for Windows v15 provided by Trend Micro Incorporated contain multiple vulnerabilities listed below. Update files are not...

7.5CVSS8.2AI score0.01772EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/06/11 12:0 a.m.50 views

JVN#32252648: Multiple vulnerabilities in Zenphoto

Zenphoto is a content management system CMS. Zenphoto contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2020-5592 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base...

8.8CVSS7.4AI score0.01166EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/02/06 12:0 a.m.50 views

JVN#94435544: Movable Type vulnerable to cross-site scripting

Movable Type provided by Six Apart Ltd. contains a cross-site scripting vulnerability CWE-79 in block editor and rich text editor. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the Software Update to the latest version according to the information...

6.1CVSS6AI score0.00839EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/11/13 12:0 a.m.50 views

JVN#65280626: Movable Type vulnerable to open redirect

Movable Type provided by Six Apart Ltd. contains an open redirect vulnerability CWE-601. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update the...

6.1CVSS6.3AI score0.00851EPSS
Exploits0
Total number of security vulnerabilities5000