Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/06/25 12:0 a.m.48 views

JVN#80006084: Web Kyukincho vulnerable to cross-site scripting

Web Kyukincho provided by Intercom, Inc. is a software that digitizes and distributes a pay statement and others. Web Kyukincho contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed in the user's web browser. Solution Update the Software Update to the latest...

4.3CVSS5.8AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/04/04 12:0 a.m.48 views

JVN#04288738: Active! mail vulnerable to information disclosure

Active! mail provided by TransWARE is a webmail software. Active! mail contains an information disclosure vulnerability. Impact If the "external public interface" is enabled, an attacker who can log into the server may obtain users credentials. Solution Restrict log-in to the server Allow...

1.9CVSS6.1AI score0.00304EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/12/06 12:0 a.m.48 views

JVN#23563149: KENT-WEB ACCESS REPORT vulnerable to cross-site scripting

ACCESS REPORT provided by KENT-WEB is a software to analyze web access logs. ACCESS REPORT contains a cross-site scripting vulnerability. This is caused by a particular method in which tags are embedded into the web page. Note that this vulnerability is different from JVN68830017. Impact An...

4.3CVSS5.8AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/09/20 12:0 a.m.48 views

JVN#56373673: myLittleAdmin for SQL Server 2000 vulnerable to arbitrary script execution

myLittleAdmin for SQL server 2000 from myLittleTools is a web-based database management software.The management screen in myLittleAdmin for SQL server 2000 contains a vulnerability that may allow arbitrary script execution. Impact When a user accesses a malicious database entry through the...

4.3CVSS6.8AI score0.00931EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/05/25 12:0 a.m.48 views

JVN#21422837: Roundcube Webmail vulnerable to cross-site scripting

Roundcube Webmail is an open source webmail client from the Roundcube Webmail Project. Roundcube Webmail contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's Internet Explorer when viewing a specially crafted image file. Solution Update the...

2.6CVSS5.5AI score0.01812EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/10/13 12:0 a.m.48 views

JVN#07414354: DAEMON Tools vulnerable to denial-of-service

DAEMON Tools is a software for optical media emulation. DAEMON Tools contains a denial-of-service DoS vulnerability. Impact An attacker that can login to the system with the software running may cause the system to crash. Solution Update the Software Update to the latest version according to the...

4.9CVSS6AI score0.00736EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/07/18 12:0 a.m.48 views

JVN#81667751 Directory traversal vulnerability in WebLogic Server and WebLogic Express plug-ins

WebLogic Server and WebLogic Express are application servers based on Java Platform Enterprise Edition 5 JavaEE5 and provided by Oracle formerly BEA Systems, Inc.. Plug-ins for Apache, Sun, and Microsoft IIS web servers which are included in WebLogic Server and WebLogic Express contain a director...

7.5CVSS6.1AI score0.03093EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/07/14 12:0 a.m.48 views

JVN#88676089 Safari installed in iPod touch and iPhone vulnerable in handling server certificates

Safari is a web browser provided by Apple. Safari installed in iPod touch and iPhone accepts a self-signed or invalid server cerficate without the user's explicit concent when connecting via SSL/TLS. According to Apple, "When Safari accesses a website that uses a self-signed or invalid certificat...

4.3CVSS6AI score0.01214EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.48 views

MTCMS WYSIWYG Editor cross-site scripting vulnerability

Overview MTCMS WYSIWYG Editor, weblog management software from SKYARC System, contains a cross-site scripting vulnerability. MTCMS WYSIWYG Editor from SKYARC System is management software used to update Movable Type contents, etc. The install.cgi in MTCMS WYSIWYG Editor contains a cross-site...

4.3CVSS6.3AI score0.01065EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/02/14 12:0 a.m.48 views

JVN#48566866 ColdFusion error page cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected ColdFusion MX 6.X ColdFusion MX 7.X For more information, refer to the vendor's website...

4.3CVSS6.2AI score0.08336EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/09/05 12:0 a.m.47 views

JVN#78113802: Multiple vulnerabilities in F-RevoCRM

F-RevoCRM provided by Thinkingreed Inc. contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2023-41149 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 9.8 CVSS v2| AV:N/AC:L/Au:N/C:P/I:P/A:P| Base Score: 7.5...

9.8CVSS7.4AI score0.01261EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/21 12:0 a.m.47 views

JVN#04876736: Multiple vulnerabilities in LuxCal Web Calendar

LuxCal Web Calendar provided by LuxSoft contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2023-39543 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base Score: 4.3 SQL...

9.1CVSS7.7AI score0.00705EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/28 12:0 a.m.47 views

JVN#57073973: "JustSystems JUST Online Update for J-License" starts a program with an unquoted file path

"JustSystems JUST Online Update for J-License" is bundled with multiple products for corporate users provided by JustSystems Corporation, as in Ichitaro through Pro5 and others, and it is registered as a Windows service. "JustSystems JUST Online Update for J-License" starts another program with a...

9.8CVSS9.3AI score0.00737EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/27 12:0 a.m.47 views

JVN#27256219: RevoWorks incomplete filtering of MS Office v4 macros

RevoWorks SCVX, RevoWorks Browser and RevoWorks Desktop provided by J's Communication Co., Ltd. enables users to execute web browsers, accessing drives, folders, files and registries in a sandboxed environment. Users can download files from the internet to the sandboxed environment, sanitizing...

7.8CVSS7.5AI score0.00579EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/01/12 12:0 a.m.47 views

JVN#49047921: Jimoty App for Android uses a hard-coded API key for an external service

Jimoty App for Android provided by Jimoty, Inc. uses a hard-coded API key for an external service CWE-798. Impact API key for an external service may be obtained by analyzing data in the app. Note that a user is not directly affected by this vulnerability. Solution Update the Application Update t...

3.3CVSS3.7AI score0.00203EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/11/16 12:0 a.m.47 views

JVN#85492429: WordPress Plugin "Push Notifications for WordPress (Lite)" vulnerable to cross-site request forgery

WordPress Plugin "Push Notifications for WordPress Lite" provided by Delite Studio contains a cross-site request forgery vulnerability CWE-352. Impact If a user with an administrative privilege views a malicious page while logged in, unintended operations may be performed. Solution Update the...

8.8CVSS8.7AI score0.00653EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/10/29 12:0 a.m.47 views

JVN#49465877: Android App "Mercari (Merpay) - Marketplace and Mobile Payments App" (Japan version) vulnerable to improper handling of Intent

Android App "Mercari Merpay - Marketplace and Mobile Payments App" Japan version provided by Mercari, Inc. is vulnerable to improper handling of Intent CWE-939. Impact If a user who is using the vulnerable application accesses a malicious page, the malicious page can launch an arbitrary Activity ...

7.5CVSS7.4AI score0.01329EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/01/19 12:0 a.m.47 views

JVN#57544707: GROWI vulnerable to cross-site scripting

GROWI provided by WESEEK, Inc. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update the software to the latest version according to the information provided by the developer. Products Affect...

6.1CVSS6AI score0.01044EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/10/14 12:0 a.m.47 views

JVN#92404841: WordPress Plugin "Live Chat – Live support" vulnerable to cross-site request forgery

WordPress Plugin "Live Chat - Live support" provided by onWebChat contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious web page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin according to the...

8.8CVSS8.6AI score0.00818EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/09/07 12:0 a.m.47 views

JVN#32396594: Yodobashi App for Android fails to restrict access permissions

Yodobashi App for Android provided by Yodobashi Camera Co.,Ltd. implements the function to access a requested URL using an Intent. This function contains an improper access control vulnerability CWE-284 that may allow the vulnerable App to receive an Intent from an arbitrary App and to access an...

6.1CVSS6.2AI score0.00864EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/07/22 12:0 a.m.47 views

JVN#05502028: WordPress Plugin "Social Sharing Plugin" vulnerable to cross-site request forgery

WordPress Plugin "Social Sharing Plugin" provided by Social Rocket contains a cross-site request forgery vulnerability CWE-352. Impact If a user with an administrative privilege views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the...

8.8CVSS8.6AI score0.01163EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/05/22 12:0 a.m.47 views

JVN#51737843: Multiple vulnerabilities in Cybozu Office

Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Information disclosure in the application "Message" when viewing an external image CWE-200 - CVE-2018-0526 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N| Base Score:...

6.5CVSS5.4AI score0.01069EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/13 12:0 a.m.47 views

JVN#96655441: QQQ SYSTEMS vulnerable to cross-site scripting

QQQ SYSTEMS provided by Gundam Cult QQQ is a CGI script to create quiz pages. quizop.cgi of QQQ SYSTEMS contains a cross-site scripting vulnerability CWE-79. When a user accesses a malicious page and is redirected to a page created with the product, an arbitrary script may be executed on the user...

6.1CVSS6AI score0.00746EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/08 12:0 a.m.47 views

JVN#60032768: WordPress plugin "WP All Import" vulnerable to cross-site scripting

The WordPress plugin "WP All Import" provided by Soflyy contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the developer...

6.1CVSS6AI score0.01537EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/05/09 12:0 a.m.47 views

JVN#39605485: The installer of The Public Certification Service for Individuals "The JPKI user's software" may insecurely load Dynamic Link Libraries

The installer of The Public Certification Service for Individuals "The JPKI user's software" provided by Japan Agency for Local Authority Information Systems J-LIS contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be...

7.3CVSS7.3AI score0.00505EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/14 12:0 a.m.47 views

JVN#05340816: Multiple installers of Toshiba memory card related software may insecurely load Dynamic Link Libraries

Multiple installers of Toshiba memory card related software contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest installe...

9.3CVSS8.8AI score0.0299EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/14 12:0 a.m.47 views

JVN#01537659: WN-AC1167GR vulnerable to cross-site scripting

WN-AC1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AC1167GR contains a stored cross-site scripting vulnerability CWE-79. Impact If a user accesses a malicious URL while logged in, an arbitrary script may be executed on the user's web browser. Solution Update the Firmware...

5.4CVSS5.3AI score0.00891EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/12/19 12:0 a.m.47 views

JVN#14631222: Cybozu Garoon fails to restrict access permissions

Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains following multiple vulnerabilities in restricting access permissions. Access restriction flaw in the RSS settings - CVE-2016-4908 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N|...

4.3CVSS5.2AI score0.0113EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/09/29 12:0 a.m.47 views

JVN#50347324: ManageEngine ServiceDesk Plus vulnerable to cross-site scripting

ManageEngine ServiceDesk Plus provided by Zoho Corporation is a help desk software. ManageEngine ServiceDesk Plus contains a stored cross-site scripting CWE-79 vulnerability. Impact An arbitrary script may be executed on a web browser of a user that is logged in. Solution Update the software Upda...

5.4CVSS5.2AI score0.01927EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/09/20 12:0 a.m.47 views

JVN#49343562: Money Forward Apps for Android vulnerability that allows unintended operations

Money Forward Apps for Android contain a vulnerability where unintended operations may be performed. Impact When a user executes a malicious application, it may perform an unintended operation. Solution Update the Application Update to the latest version according to the information provided by t...

7.8CVSS7.4AI score0.01367EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/08/22 12:0 a.m.47 views

JVN#93411577: Cybozu Garoon fails to restrict access permissions

Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon fails to restrict access permissions in the error page. Impact A user may be able to obtain product settings information. Solution Update the Software Update to the latest version according to the information provided by the...

4.3CVSS4.6AI score0.01024EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/06/07 12:0 a.m.47 views

JVN#03188560: Apache Struts 1 vulnerability that allows unintended remote operations against components on memory

The Apache Sturts 1 ActionForm contains a vulnerability which allows unintended remote operations against components on server memory, such as Servlets and ClassLoader, when the following 2 conditions are met: Condition 1: When the following ActionForm including its subclasses are in the session...

8.1CVSS8.5AI score0.13122EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/07/09 12:0 a.m.47 views

JVN#78187936: Cacti vulnerable to cross-site scripting

Cacti is a web application that graphs stored data collected from network devices. Cacti contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing parameters in settings.php. Impact If a user views a malicious page while logged in, an arbitrary script may be executed on the...

4.3CVSS5.3AI score0.01846EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/06/18 12:0 a.m.47 views

JVN#83881261: Ruby on Rails library Paperclip vulnerable to cross-site scripting

Paperclip provided by thoughtbot is a library to upload files in Ruby on Rails. Paperclip contains a persistent cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to t...

4.3CVSS8.8AI score0.02121EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/06/05 12:0 a.m.47 views

JVN#79284156: NetFlow Analyzer vulnerable to cross-site request forgery

NetFlow Analyzer provided by Zoho Corporation is a traffic analysis tool. NetFlow Analyzer contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, various administrative functions may be performed. Solution Update the software build and apply...

6.8CVSS6.3AI score0.02009EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/03/24 12:0 a.m.47 views

JVN#86448949: The Validator in TERASOLUNA Server Framework for Java(WEB) vulnerable to input validation bypass

The Validator in Apache Struts 1.1 and later contains a function MPV -- Multi Page Validator to efficiently define rules for input validation across multiple pages during screen transitions. The MPV contains a vulnerability where input validation may be bypassed. When the Apache Struts 1 Validato...

7.5CVSS7.6AI score0.21261EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/12/02 12:0 a.m.47 views

JVN#67792023: Multiple improper data validation vulnerabilities in Syslink driver for Texas Instruments OMAP mobile processors

The OMAP mobile processor provided by Texas Instruments is used in some Android tablets, smartphones and other devices. The Syslink driver for some OMAP mobile processors is used to implement the communication of processes between the host and slave processors. The Syslink driver contains multipl...

4.6CVSS7.3AI score0.00377EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/01/22 12:0 a.m.47 views

JVN#51770585: EC-CUBE vulnerable to authorization bypass

EC-CUBE from EC-CUBE CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an authorization bypass vulnerability CWE-639. Impact A user of the affected shopping website may obtain other users' information by sending a crafted HTTP request. Solution Apply the update or...

9.1CVSS9.1AI score0.02245EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/07/17 12:0 a.m.47 views

JVN#07497769: Oracle Outside In vulnerable to buffer overflow

Oracle Outside In is a library to decode over 500 file types. Oracle Outside In contains a buffer overflow vulnerability. Impact When Oracle Outside In processes a specially crafted Ichitaro Word Processor file, arbitrary code may be executed. Solution Apply an update Update to the latest version...

6.8CVSS6.8AI score0.01385EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/10/10 12:0 a.m.47 views

JVN#63650108: Smarty vulnerable to cross-site scripting

Smarty is a template engine for PHP. Smarty contains a cross-site scripting vulnerability when displaying an error message. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the...

4.3CVSS5.6AI score0.02462EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/10/31 12:0 a.m.47 views

JVN#56667137: Multiple SKYARC System Co., Ltd. products vulnerable to cross-site request forgery

MTCMS and multiple Movable Type plugins provided by SKYARC System Co., Ltd. contain a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged into MTCMS or a Movable Type implementation with any of the plugins from "Products Affected" running, information...

6.8CVSS6.4AI score0.00586EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/03/10 12:0 a.m.47 views

JVN#81294135: IBM Tivoli vulnerable to denial-of-service (DoS)

IBM Tivoli contains a denial-of-service DoS vulnerability due to an issue in Java Runtime Environment JRE. Impact A remote attacker may cause a denial-of-service DoS. Solution Apply a patch Apply the appropriate patch according to the information provided by the developer. Products Affected A wid...

5CVSS8.6AI score0.2349EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/02/02 12:0 a.m.47 views

JVN#33880169: Opera may insecurely load executable files

Opera loads certain executables .exe when opening the folder where downloaded contents are stored. Opera contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privilege of running the application. Solution Update...

7.6CVSS6.9AI score0.04513EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/09/05 12:0 a.m.47 views

JVN#62868899 7-ZIP32.DLL buffer overflow vulnerability

7-ZIP32.DLL is an open source library for compression and decompression supporting 7z, zip, and some other format files. 7-ZIP32.DLL is based on "Integrated Archiver API Specification", and called from the compression/decompression software. 7-ZIP32.DLL contains a buffer overflow vulnerability. I...

6.8CVSS7.8AI score0.05556EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/06/18 12:0 a.m.47 views

JVN#95019167 Internet Explorer vulnerable in handling MHTML protocol

When Internet Explorer accesses a website using MHTML MIME Encapsulation of Aggregate HTML, Internet Explorer processes the contents as MHTML data, ignoring their actual content types, and it does not properly handle the Content-Disposition header field. This could cause a dialog box not to be...

4.3CVSS6.1AI score0.2504EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/04/03 12:0 a.m.46 views

JVN#59547048: WinRAR vulnerable to the symbolic link based "Mark of the Web" check bypass

WinRAR provided by RARLAB contains a vulnerability that bypasses the "Mark of the Web" CWE-356 security warning function for files when opening a symbolic link that points to an executable file. In the initial Windows configuration, only administrators have the privilege to create symbolic links...

6.8CVSS7.5AI score0.01233EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/12/21 12:0 a.m.46 views

JVN#43561812: +Message App improper handling of Unicode control characters

+Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's specifications. Therefore, a crafted text may display misleading web links CWE-451. Impact A spoofed URL may be displayed and phishing attacks may be...

5.4CVSS5.1AI score0.00488EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/01 12:0 a.m.46 views

JVN#46345126: Multiple vulnerabilities in the web interfaces of Kyocera Document Solutions MFPs and printers

The web interface "Command Center" of multiple MFPs and printers provided by KYOCERA Document Solutions Inc. contain multiple vulnerabilities listed below. Session Information Easily Guessable CWE-287 - CVE-2022-41798 Version| Vector| Score ---|---|--- CVSS v3|...

6.5CVSS6.4AI score0.00823EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/01/25 12:0 a.m.46 views

JVN#70100915: Multiple vulnerabilities in TransmitMail

TransmitMail is a PHP based mail form system. TransmitMail contains multiple vulnerabilities listed below. Directory traversal vulnerability due to the improper validation of external input values CWE-22 - CVE-2022-22146 Version| Vector| Score ---|---|--- CVSS v3|...

7.5CVSS7.1AI score0.02001EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/01/19 12:0 a.m.46 views

JVN#64806328: Canon laser printers and small office multifunctional printers vulnerable to cross-site scripting

Multiple Canon laser printers and small office multifunctional printers contain a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing the product settings screen. Solution Update the firmware Update the...

4.8CVSS4.9AI score0.00842EPSS
Exploits0
Total number of security vulnerabilities5000