Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/10/03 12:0 a.m.•41 views

JVN#61208749 Webmin OS command injection vulnerability

Webmin is a web-based system management tool. Webmin for Windows contains a vulnerability that allows an unauthorized Webmin user to execute OS commands by entering a specially crafted URL. Impact An attacker could execute arbitrary OS commands with Local System privileges on a computer where...

9CVSS7AI score0.02445EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/08/15 12:0 a.m.•41 views

JVN#59851336 Apache Tomcat Host Manager cross-site scripting vulnerability

Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. The Host Manager Servlet does not properly filter user supplied data. This enables a cross-site scripting attack. Impact An arbitrary script could be executed on the...

4.3CVSS7.1AI score0.58956EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2005/09/30 12:0 a.m.•41 views

JVN#79314822: Tomcat vulnerable in request processing

Apache Tomcat, an implementation of the Java Servlet and JavaServer Pages technologies, contains a vulnerability in processing specific requests. The Apache Software Foundation currently does not support AJP 1.3 Connector, and recommends the use of Coyote JK Connector instead. It also recommends...

2.6CVSS7.5AI score0.06521EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/25 12:0 a.m.•40 views

JVN#00876083: Multiple vulnerabilities in baserCMS

baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability due to inappropriate Slug handling on Article Edit CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4 CVE-2024-46996 Stored cross-site scripting...

7.1CVSS6.3AI score0.00328EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/29 12:0 a.m.•40 views

JVN#77203800: OET-213H-BTS1 missing authorization check in the initial configuration

OET-213H-BTS1 is a digital temperature measurement and face recognition terminal, developed by Zhejiang Uniview Technologies Co.,Ltd and provided by Atsumi Electric Co., Ltd. The initial configuration of the product is ​insecure CWE-1188, it does not perform an authorization check when processing...

8.3CVSS6.1AI score0.00333EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/04 12:0 a.m.•40 views

JVN#82758000: Multiple vulnerabilities in SHIRASAGI

SHIRASAGI provided by SHIRASAGI Project contains multiple vulnerabilities listed below. Reflected cross-site scripting CWE-79 - CVE-2023-36492 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N| Base Score:...

8.8CVSS7.3AI score0.0107EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/04 12:0 a.m.•40 views

JVN#38847224: Fujitsu Software Infrastructure Manager (ISM) stores sensitive information in cleartext

Fujitsu Software Infrastructure Manager ISM V2.8.0.060, provided by Fujitsu Limited, stores the password for the proxy server in cleartext form to the product's maintenance data ismsnap CWE-312 under the following conditions. Using a proxy server that requires authentication in the connection fro...

7.5CVSS5.8AI score0.00351EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/12 12:0 a.m.•40 views

JVN#57296685: Multiple vulnerabilities in PIXELA PIX-RT100

PIX-RT100 provided by PIXELA CORPORATION contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2023-22304 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.0 CVSS v2| AV:A/AC:L/Au:S/C:C/I:C/A:C| Base Score: 7.7...

8CVSS7.9AI score0.00893EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/11 12:0 a.m.•40 views

JVN#03832974: pgAdmin 4 vulnerable to open redirect

pgAdmin 4 provided by pgAdmin Project contains an open redirect vulnerability CWE-601. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update the softwar...

6.1CVSS6.2AI score0.0091EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/11/08 12:0 a.m.•40 views

JVN#59663854: WordPress Plugin "Salon booking system" vulnerable to cross-site scripting

WordPress Plugin "Salon booking system" contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is logging in to the WordPress administrative page where the product is installed. Solution Update the plugin Update the plug...

6.1CVSS6AI score0.00785EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/10/25 12:0 a.m.•40 views

JVN#86350682: Multiple vulnerabilities in SHIRASAGI

SHIRASAGI provided by SHIRASAGI Project contains multiple vulnerabilities listed below. Open Redirect CWE-601 - CVE-2022-43479 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N| Base Score: 4.7 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base Score: 4.3 Stored...

6.1CVSS6.3AI score0.00918EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/09/15 12:0 a.m.•40 views

JVN#21213852: Multiple vulnerabilities in EC-CUBE

EC-CUBE provided by EC-CUBE CO.,LTD. contains multiple vulnerabilities listed below. Directory traversal vulnerability CWE-22 - CVE-2022-40199 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N| Base Score: 2.7 CVSS v2| AV:N/AC:L/Au:S/C:P/I:N/A:N| Base Score:...

5.4CVSS4.8AI score0.01056EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/05/13 12:0 a.m.•40 views

JVN#44550983: Strapi vulnerable to cross-site scripting

Strapi contains a stored cross-site scripting vulnerability CWE-79 in the file upload function. Impact An arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege. Solution Update the Software Update the software to the...

4.8CVSS4.8AI score0.00712EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/11/16 12:0 a.m.•40 views

JVN#22515597: rwtxt vulnerable to cross-site scripting

rwtxt provided by Zack Scholl is a light-weight content management system CMS that enables to share and/or view any text saved online. rwtxt contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing the website...

6.1CVSS6AI score0.00877EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/11/26 12:0 a.m.•40 views

JVN#19386781: STAMP Workbench installer may insecurely load Dynamic Link Libraries

STAMP Workbench is a modeling tool for STAMP provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA. It is distirbuted as a ZIP archive or an Windows executable installer. The Windows executable installer contains an issue with the DLL search path, which may lead to insecurely loading...

7.8CVSS7.7AI score0.00755EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/08/17 12:0 a.m.•40 views

JVN#53292345: Teikihoukokusho Sakuseishien Tool may insecurely load Dynamic Link Libraries

Teikihoukokusho Sakuseishien Tool provided by Agency for Natural Resources and Energy of METI contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. The tool is provided as a ZIP archive. It is assumed that a user extracts the tool the...

9.3CVSS7.7AI score0.01238EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/20 12:0 a.m.•40 views

JVN#65411235: Multiple I-O DATA network camera products vulnerable to cross-site request forgery

Multiple network camera products provided by I-O DATA DEVICE, INC. contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the Firmware Apply the appropriate firmware update...

8.8CVSS8.8AI score0.00913EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/19 12:0 a.m.•40 views

JVN#12493656: The installer of Empirical Project Monitor - eXtended may insecurely load Dynamic Link Libraries

The installer of Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the privilege of the user invoki...

7.8CVSS7.7AI score0.01419EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/11 12:0 a.m.•40 views

JVN#51819749: SOY CMS vulnerable to directory traversal

SOY CMS provided by Nippon Institute of Agroinformatics Ltd. is a Contents Management System CMS. SOY CMS contains a directory traversal vulnerability CWE-22 due to a flaw in processing shopid parameter. Impact An authenticated attacker may execute arbitrary PHP code on the server. Solution Updat...

7.5CVSS7.7AI score0.02483EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/04/20 12:0 a.m.•40 views

JVN#54762089: WordPress plugin "Booking Calendar" vulnerable to cross-site scripting

The WordPress plugin "Booking Calendar" provided by wpdevelop contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user accessing the page generated by the application. Solution Update the Software Update to the latest...

6.1CVSS6AI score0.0085EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/04/11 12:0 a.m.•40 views

JVN#82019695: ASSETBASE vulnerable to cross-site scripting

ASSETBASE provided by UCHIDA YOKO CO., LTD. is an IT asset management tool. ASSETBASE contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user who logged-in as an administrator. Solution Update the Software Update to the latest...

6.1CVSS6.1AI score0.01174EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/16 12:0 a.m.•40 views

JVN#83917769: AttacheCase vulnerable to directory traversal

AttacheCase is an open source file encryption software provided by HiBARA Software. AttacheCase contains a directory traversal vulnerability CWE-22 due to a flaw in processing filenames in ATC files. Impact Decrypting a crafted ATC file may result in creation of an arbitrary file or overwriting o...

5.5CVSS5.5AI score0.02605EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/03 12:0 a.m.•40 views

JVN#46351856: Docomo L-04D mobile WiFi router vulnerable to cross-site request forgery

L-04D provided by NTT DOCOMO, INC. is a wireless WiFi router. L-04D contains a cross-site request forgery vulnerability in the the web management screen. Impact If a user views a malicious page while logged-in, unintended operations may be conducted. Solution Update the firmware Update the firmwa...

8.8CVSS8.6AI score0.00977EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/08 12:0 a.m.•40 views

JVN#35062083: Multiple I-O DATA Recording Hard disk products vulnerable to cross-site request forgery

Multiple Recording Hard disk products provided by I-O DATA DEVICE, INC. contain a cross-site request forgery vulnerability due to an issue in the web management screen. Impact If a user views a malicious page, an arbitrary content may be deleted. Solution Update the Firmware Apply the appropriate...

8.8CVSS8.7AI score0.02385EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/07/22 12:0 a.m.•40 views

JVN#40696431: EC-CUBE plugin "Coupon Plugin" vulnerable to SQL injection

EC-CUBE plugin "Coupon Plugin" provided by Seed Inc. contains an SQL injection vulnerability CWE-89. Impact Information stored in the database may be obtained or altered by a remote attacker. Solution Update the plugin Update to the latest version according to the information provided by the...

9.8CVSS9.7AI score0.021EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/24 12:0 a.m.•40 views

JVN#61578437: WordPress plugin "Welcart e-Commerce" vulnerable to session management

WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains a vulnerability in session management. Impact A remote attacker who knows a user's e-mail address may log in with the user privilege. As a result, arbitrary operations may be conducted. Solution Update the Software Update to t...

6.5CVSS6.4AI score0.01772EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/24 12:0 a.m.•40 views

JVN#85112513: php-contact-form vulnerable to cross-site scripting

php-contact-form provided by Kobe Beauty Co., Ltd. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products...

6.1CVSS6AI score0.01633EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/25 12:0 a.m.•40 views

JVN#91816422: kintone mobile for Android fails to verify SSL server certificates

kintone mobile for Android provided by Cybozu, Inc. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the...

5.9CVSS5.5AI score0.00928EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/06 12:0 a.m.•40 views

JVN#26627848: baserCMS plugin "Menubook Plugin" multiple vulnerabilities

baserCMS plugin "Menubook Plugin" contains multiple vulnerabilities: Cross-site scripting CWE-79 - CVE-2016-1169 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:L/Au:S/C:N/I:P/A:N| Base Score: 4.0 Cross-site request forger...

8.8CVSS7.4AI score0.01009EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/30 12:0 a.m.•40 views

JVN#66984217: MATCHA INVOICE vulnerable to code injection

MATCHA INVOICE provided by ICZ Corporation is a web-based billing management software. MATCHA INVOICE contains a code injection CWE-94 vulnerability due to a flaw when configuring the database during installation. Impact An unauthenticated attacker who can execute the installer may execute...

6.8CVSS7.4AI score0.01321EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/15 12:0 a.m.•40 views

JVN#64051989: acmailer vulnerable to directory traversal

acmailer provided by Seeds Co.,Ltd. contains a directory traversal CWE-22 vulnerability. Impact An authenticated attacker may delete files on the server. Solution Update the software Update to the latest version according to the information provided by the developer. Products Affected acmailer...

5.5CVSS6AI score0.01575EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/10 12:0 a.m.•40 views

JVN#22546110: LINE@ vulnerable to script injection

LINE@ provided by LINE Corporation is an application used to communicate with others. LINE@ is vulnerable to MITM man-in-the-middle attacks since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM man-in-the-middle attacker...

5.9CVSS5.3AI score0.0018EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/25 12:0 a.m.•40 views

JVN#25336719: namshi/jose fails to verify token signatures

namshi/jose is a PHP library for handling JSON Web Tokens JWT. namshi/jose contains a vulnerability in processing JWT headers where it fails to verify token signatures. Impact Specially crafted tokens may be validated as token data with valid signatures. Solution Update the Software Update to the...

5CVSS6.1AI score0.01385EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/01/23 12:0 a.m.•40 views

JVN#94502417: shiromuku(bu2)BBS vulnerable to arbitrary file creation

shiromukubu2BBS from Perl CGI's By Mrs. Shiromuku is a bulletin board software. shiromukubu2BBS contains a vulnerability that may allow a remote attacker to create arbitrary files. Impact A remote attacker creating arbitrary files may result in arbitrary code execution on the server. Solution...

7.5CVSS7.1AI score0.02622EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/11/13 12:0 a.m.•41 views

JVN#16318793: Ichitaro series vulnerable to arbitrary code execution

The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. For more information, please refer to the developer's website. Impact When a user opens a specially crafted file, arbitrary code may be executed. Solution...

10CVSS6.8AI score0.05335EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/09/25 12:0 a.m.•40 views

JVN#87863382: N-Media file uploader vulnerability in handling uploaded files

N-Media file uploader is a plugin for WordPress. N-Media file uploader contains a vulnerability CWE-264 in the way it handles uploaded files. As a result, an arbitrary PHP script which is uploaded may be executed. Impact A user with "Author" privileges and above may execute an arbitrary command o...

6.5CVSS6.6AI score0.01739EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/03/18 12:0 a.m.•40 views

JVN#81739241: sp mode mail issue when accessing attachments in incoming mail

sp mode mail provided by NTT DOCOMO contains a function that allows other Android applications to access attachments for incoming emails. This function contains an issue in the restriction of access permissions. Impact If a malicious Android application is installed on the device, attachments for...

4.3CVSS6.3AI score0.00893EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/02/26 12:0 a.m.•40 views

JVN#26393529: Cybozu Garoon vulnerable to directory traversal

Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a directory traversal vulnerability in the process of downloading files. Impact A user who can log in to the product may obtain files on the server. Solution For Cybozu Garoon 3.7: Apply the Patch Apply the appropriate...

4CVSS6.2AI score0.01488EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/28 12:0 a.m.•40 views

JVN#91153528: Multiple SQL injection vulnerabilities in Cybozu Garoon

Cybozu Garoon contains issues in the process of page navigation link and input through API, which may result in SQL injection. Impact A user who can log in to the system may obtain or alter data in the database. Solution Apply the Patch Apply the appropriate patch according to the information...

6.5CVSS6.4AI score0.0104EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/25 12:0 a.m.•40 views

JVN#60997973: Cybozu Garoon vulnerable to SQL injection

Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in processing input through API, which may result in SQL injection. Impact A user who can log in to the system may alter information stored in the database. Solution Apply the Patch Apply the appropriate patch...

6.5CVSS6.5AI score0.01554EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/03 12:0 a.m.•40 views

JVN#84221103: Cybozu Garoon vulnerable to mail header injection

Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a mail header injection vulnerability in the Phone Messages function. Impact If the function that forwards Phone Messages to an email address is configured, the header of the email to be forwarded may be altered. Solutio...

3.5CVSS6.5AI score0.00962EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/12 12:0 a.m.•40 views

JVN#44999463: Ichitaro series vulnerable to arbitrary code execution

The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. For more information, please refer to the developer's website. Impact When a user opens a specially crafted file, arbitrary code may be executed. Solution...

9.3CVSS7AI score0.04587EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/06/27 12:0 a.m.•40 views

JVN#34900750: EC-CUBE vulnerable to code injection

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a code injection vulnerability. Impact Arbitrary PHP code may be executed with the privilege of the application on the server where it resides. Solution Apply the update or patch Apply the updat...

7.5CVSS6.9AI score0.04285EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/06/27 12:0 a.m.•40 views

JVN#26394323: POST-MAIL vulnerable to cross-site scripting

POST-MAIL provided by KENT-WEB contains an issue in the webpage output of strings entered in the form, which may result in a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version accordin...

4.3CVSS5.9AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/03/19 12:0 a.m.•40 views

JVN#59503133: Multiple NEC mobile routers vulnerable to cross-site request forgery

Multiple mobile routers provided by NEC contain a vulnerability in web-based management utility, which may result in a cross-site request forgery. Impact If a user views a malicious page while logged in, settings of the product may be initialized, or the product may be rebooted. Solution Update t...

6.8CVSS6.3AI score0.00984EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/12/06 12:0 a.m.•40 views

JVN#68830017: KENT-WEB ACCESS REPORT vulnerable to cross-site scripting

ACCESS REPORT provided by KENT-WEB is a software to analyze web access logs. ACCESS REPORT contains an issue in the processing of access logs, which may lead to a cross-site scripting vulnerability. Note that this vulnerability is different from JVN23563149. Impact An arbitrary script may be...

4.3CVSS5.9AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/07/06 12:0 a.m.•40 views

JVN#79111101: Movable Type plugin MT4i vulnerable to cross-site scripting

MT4i is a Movable Type plugin. MT4i contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN80835745. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the informati...

4.3CVSS5.7AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/03/19 12:0 a.m.•40 views

JVN#83459967: Janetter vulnerable to cross-site request forgery

Janetter is a client software for using Twitter. Janetter contains a cross-site request forgery vulnerability. Impact When a malicious page is opened with a web browser while Janetter is being used, the user may be impersonated to post tweets, upload local image files, and OS commands may be...

6.8CVSS6.5AI score0.00814EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/01/11 12:0 a.m.•40 views

JVN#12983784: Cogent DataHub vulnerable to cross-site scripting

Cogent DataHub provided by Cogent Real-Time Systems Inc. contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update the software to the latest version according to the information provided by the...

4.3CVSS5.8AI score0.01341EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/31 12:0 a.m.•40 views

JVN#41032068: Multiple SKYARC System Co., Ltd. products fail to restrict access permissions

MTCMS and multiple Movable Type plugins provided by SKYARC System Co., Ltd. contain an issue where access permissions are not restricted. Impact A user without the appropriate privileges may alter settings and files. Solution Apply an update Update to the latest version according to the informati...

5.5CVSS6.4AI score0.01117EPSS
Exploits0
Total number of security vulnerabilities5000