Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/03 12:0 a.m.•36 views

JVN#82375148: Cybozu Garoon vulnerable to SQL injection

Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a SQL injection vulnerability in the Space function. Impact A user who can log in to the product may execute an arbitrary SQL command in the database that the product is referencing. Solution Update the Software Update ...

6.5CVSS7.4AI score0.0104EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/10/30 12:0 a.m.•36 views

JVN#85336306: Use-after-free vulnerability in multiple products that use International Components for Unicode (ICU)

International Components for Unicode ICU is a library for handling Unicode strings. A C version, ICU4C and a Java version, ICU4J are available. Multiple products that use ICU4C contain a use-after-free vulnerability. ICU released ICU4C version 52.1 that addresses this vulnerability on October 9,...

7.5CVSS9.3AI score0.02531EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/10/18 12:0 a.m.•36 views

JVN#52509236: HDL-A and HDL2-A Series vulnerable in session management

HDL-A and HDL2-A Series provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. HDL-A and HDL2-A Series contain a vulnerability related to the management of sessions. Impact A remote unauthenticated attacker may impersonate a user. As a result, information may be disclosed or...

6.8CVSS6.6AI score0.02021EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/09/20 12:0 a.m.•36 views

JVN#43152129: SEIL Series routers vulnerable to buffer overflow

The PPP Access Concentrator PPPAC in SEIL Series routers provided by Internet Initiative Japan Inc. contains a buffer overflow vulnerability in processing L2TP messages. Impact An attacker may execute an arbitrary code on the vulnerable system. Solution Update the Firmware Apply the appropriate...

6.8CVSS7.6AI score0.02676EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/07/22 12:0 a.m.•36 views

JVN#26103805: Oracle Enterprise Manager vulnerable to cross-site scripting

Oracle Enterprise Manager provided by Oracle contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an Update Update to the latest version according to the information provided by the developer. Products Affected...

4.3CVSS5.7AI score0.01395EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/04/26 12:0 a.m.•36 views

JVN#55074201: Yahoo! Browser vulnerable to address bar spoofing

Yahoo! Browser contains an issue when opening a new window, which may result in the address bar being spoofed. Impact This vulnerability could be leveraged to forge the contents of the address bar for conducting phishing attacks. Solution Update the software Update to the latest version according...

5.8CVSS5.9AI score0.0146EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/03/26 12:0 a.m.•36 views

JVN#11434157: OpenWnn/Flick support vulnerable to information disclosure

OpenWnn/Flick support is a Japanese Input Method Editor IME for Android devices. OpenWnn/Flick support contains an issue in the access permissions for the certain files. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product...

5CVSS6.2AI score0.00982EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/02/14 12:0 a.m.•36 views

JVN#78601526: GREE for Android vulnerable to directory traversal

GREE for Android contains an issue in handling URL inputs, which may result in a directory traversal vulnerability. Impact If a user of the affected product uses another malicious Android application, information managed by the affected product may be disclosed. Solution Update the software Updat...

4.3CVSS6AI score0.01368EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/12/14 12:0 a.m.•36 views

JVN#53269985: Welcart vulnerable to cross-site request forgery

Welcart provided by Collne Inc. is a WordPress plugin for creating shopping websites. Welcart contains a cross-site request forgery vulnerability. Impact If a logged in user views a malicious page after an item has been added in the shopping cart, the purchase process may unexpectedly be complete...

6.8CVSS6.1AI score0.0107EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/06/11 12:0 a.m.•36 views

JVN#38163638: Flash Player issue in implementations of the Same Origin Policy

SoundMixer.computeSpectrum method, included in Flash Player, contains an issue in implementations of the Same Origin Policy. Impact An attacker may obtain sound spectrum data that user playing in violation of the same-origin policy. Solution Update the Software Update to the latest version...

4.3CVSS5.8AI score0.03655EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/05/25 12:0 a.m.•36 views

JVN#39707339: Opera fails to verify SSL server certificates

Opera is a web browser. Opera contains an issue where it fails to verify SSL server certificates. Impact The user may unknowingly connect to a site that is using a certificate not authorized by a CA. As a result, the user may become a victim of phishing. Solution Update the software Update to the...

5.8CVSS5.8AI score0.00601EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/05/15 12:0 a.m.•36 views

JVN#47536971: WEB MART from KENT-WEB vulnerable to cross-site scripting

WEB MART provided by KENT-WEB is a system for creating shopping websites. WEB MART contains a vulnerability in handling cookies, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest versio...

4.3CVSS6.3AI score0.01792EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/04/20 12:0 a.m.•36 views

JVN#00000601: TwitRocker2 (Android version) vulnerable in the WebView class

TwitRocker2 is a client software for using twitter. TwitRocker2 Android version contains a vulnerability in the WebView class. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. Solution Update the...

5CVSS6.2AI score0.01563EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/03/09 12:0 a.m.•36 views

JVN#79950061: Jenkins vulnerable to cross-site scripting

Jenkins is a continuous integration CI tool. Jenkins contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN14791558. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according...

4.3CVSS5.5AI score0.01137EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/02/23 12:0 a.m.•36 views

JVN#70683217: Movable Type vulnerable to cross-site request forgery

Movable Type contains a cross-site request forgery vulnerability in entering comments and community functionality. Impact If a user views a malicious page while logged in, settings may be changed, data may be viewed or altered. Solution Update the software Update to the latest version for each...

6.8CVSS6AI score0.01082EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/01/20 12:0 a.m.•36 views

JVN#64386898: osCommerce vulnerable to cross-site scripting

osCommerce is an open source system for creating shopping websites. osCommerce contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by th...

4.3CVSS6AI score0.01135EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/12/08 12:0 a.m.•36 views

JVN#70502960: phpWebSite vulnerable to cross-site scripting

phpWebSite is a content management system CMS. phpWebSite contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products...

4.3CVSS5.9AI score0.00921EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/09/02 12:0 a.m.•36 views

JVN#44642341: Juniper Networks IDP ACM vulnerable to cross-site scripting

Juniper Networks IDP ACM provides a web interface for changing configurations in the IDP. The ACM contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the...

4.3CVSS5.9AI score0.01042EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/28 12:0 a.m.•36 views

JVN#96950482: Mozilla Firefox vulnerable to cross-site scripting

Mozilla Firefox contains a vulnerability in the rendering of specific numeric character references, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the informatio...

4.3CVSS8.9AI score0.01761EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/03/14 12:0 a.m.•36 views

JVN#01635457: e107 vulnerable to cross-site scripting

e107 provided by e107.org is a Content Management System CMS software. e107 contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the...

4.3CVSS5.7AI score0.01042EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/01/18 12:0 a.m.•36 views

JVN#30414126: Ruby Version Manager escape sequence injection vulnerability

Ruby Version Manager is a command line tool for managing multiple ruby environments. Ruby Version Manager contains an escape sequence injection vulnerability. Impact A user may unknowingly open a malicious file. As a result, the string that is output on the terminal may contain an arbitrary escap...

6.8CVSS6.6AI score0.01786EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/12/15 12:0 a.m.•36 views

JVN#30273074: Internet Explorer vulnerable to cross-site scripting

Microsoft Internet Explorer contains a vulnerability in handling specific UTF-7 encoded characters, which may result in cross-site scripting. Impact An arbitrary script may be executed. Solution Update the Software Apply the latest update according to the information provided by Microsoft. Produc...

4.3CVSS5.8AI score0.13615EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/10/12 12:0 a.m.•36 views

JVN#88850043: Lhasa may insecurely load executable files

Lhasa is a file extraction software that supports LZH and ZIP formats. Lhasa loads certain executables .exe when extracting files. Lhasa contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privilege of running...

6.9CVSS7.1AI score0.00283EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/06/25 12:0 a.m.•36 views

JVN#20219071 PHP-I-BOARD from Let's PHP! vulnerable to cross-site scripting

PHP-I-BOARD from Let's PHP! is a bulletin board software. PHP-I-BOARD contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the...

4.3CVSS5.9AI score0.01033EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/05/22 12:0 a.m.•36 views

JVN#57036470 Cross-site scripting vulnerability in leger (free edition)

leger free edition from 'AD2000' is a software to manage conference room reservations. leger free edition contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the...

4.3CVSS5.9AI score0.01065EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/10/20 12:0 a.m.•36 views

JVN#53267766 MyNETS cross-site scripting vulnerability

MyNETS from Usagi Project is an open source SNS Social Networking Service software. MyNETS contains a cross-site scripting vulnerability. Impact If a user views a specially crafted web page, an arbitrary script may be executed on the user's web browser. As a result, user information may be...

4.3CVSS5.7AI score0.01223EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/08/21 12:0 a.m.•36 views

JVN#83428818 La!cooda WIZ and LacoodaST vulnerable to cross-site request forgery

La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ and LacoodaST contain a cross-site request forgery vulnerability. Impact Password or other configurations may be changed if the logged in user...

6CVSS6.4AI score0.00559EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/06/27 12:0 a.m.•36 views

JVN#52363223: Cybozu Garoon vulnerable to arbitrary script execution

Cybozu Garoon, a groupware from Cybozu, contains a vulnerability that allows an attacker to execute an arbitrary script when a user views RSS feed. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the vendor...

4.3CVSS6.6AI score0.01292EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/06/19 12:0 a.m.•36 views

JVN#45389864 CGIWrap error page cross-site scripting vulnerability

CGIWrap is a gateway program that allows general users to use CGI scripts and HTML forms on the web server. CGIWrap contains a cross-site scripting vulnerability as it does not specify charset in the error page. Impact An arbitrary script may be executed on the user's web browser. Solution Update...

4.3CVSS5.5AI score0.0125EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/02/14 12:0 a.m.•36 views

JVN#28356427 ColdFusion cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct a session hijacking. Solution Products Affected ColdFusion MX 7.X For more information, refer to the vendor's website...

4.3CVSS6.3AI score0.03019EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/30 12:0 a.m.•35 views

JVN#06672778: Multiple vulnerabilities in ELECOM wireless LAN routers

Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Unrestricted Upload of File with Dangerous Type CWE-434 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 6.8 CVE-2024-34021 OS Command Injection CWE-78...

8.8CVSS7.8AI score0.00853EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/03/25 12:0 a.m.•35 views

JVN#22376992: WebProxy vulnerable to OS command injection

WebProxy provided by LunarNight Laboratory according to the original report submitted by the reporter is software to build a proxy server. WebProxy contains an OS command injection vulnerability CWE-78. Impact An arbitrary OS command may be executed with the privilege of the running web server...

7.3CVSS7.4AI score0.01019EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/03/08 12:0 a.m.•35 views

JVN#48443978: a-blog cms vulnerable to directory traversal

a-blog cms provided by appleple Inc. is a content management system CMS. a-blog cms contains a directory traversal vulnerability CWE-22. Impact A user with editor or higher privilege who can log in to the product may obtain arbitrary files on the server including password files. Solution Update t...

6.5CVSS6.7AI score0.00832EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/17 12:0 a.m.•35 views

JVN#46993816: EC-CUBE 2 series vulnerable to cross-site scripting

EC-CUBE 2 series provided by EC-CUBE CO.,LTD. contains a cross-site scripting vulnerability CWE-79 in "mail/template" and "products/product" of Management page. Impact An arbitrary script may be executed on the web browser of the other administrator or the user who accessed the website using the...

4.8CVSS4.9AI score0.00362EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/18 12:0 a.m.•35 views

JVN#48687031: Qrio Smart Lock Q-SL2 vulnerable to authentication bypass by capture-replay

Qrio Smart Lock Q-SL2 provided by Qrio, inc. contains an authentication bypass by capture-replay vulnerability CWE-294. Impact An attacker may analyze the product's communication data and perform unintended operations under certain conditions. Solution Update the firmware and related products...

8.8CVSS8.8AI score0.00361EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/24 12:0 a.m.•35 views

JVN#05288621: EasyMail vulnerable to cross-site scripting

EasyMail provided by First Net Japan Inc. contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who accessed the site using the product. Solution Update the software Update the software to the latest version accordin...

6.1CVSS6AI score0.00508EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/06 12:0 a.m.•35 views

JVN#55675303: Digital Arts m-FILTER vulnerable to improper authentication

m-FILTER provided by Digital Arts Inc. is an emaill security product. m-FILTER contains an improper authentication vulnerability CWE-287 when emails are being sent under certain conditions, and unintended emails may be sent by a remote attacker. Digital Arts Inc. states that attacks exploiting th...

5.3CVSS5.5AI score0.00706EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/11/24 12:0 a.m.•35 views

JVN#29657972: TP-Link RE300 V1 tdpServer vulnerable to improper processing of its input

tdpServer of TP-Link RE300 V1 improperly processes its input, possibly resulting to crash CWE-228. Impact An attacker may be able to cause a denial-of-service DoS condition of the product's OneMesh function. Solution Update the software Update the software to the latest version according to the...

5.5CVSS5.3AI score0.00175EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/08/27 12:0 a.m.•35 views

JVN#14134801: baserCMS vulnerable to cross-site scripting

baserCMS provided by baserCMS Users Community contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update the software to the latest version according to the information provided by the developer...

8.7CVSS5.6AI score0.00929EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/09 12:0 a.m.•35 views

JVN#73742314: RT-AC68U vulnerable to cross-site scripting

RT-AC68U provided by ASUS Japan Inc. is a wireless LAN router. RT-AC68U contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Firmware Apply the firmware update according to the information provided by the...

6.1CVSS6.1AI score0.00899EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/02/06 12:0 a.m.•35 views

JVN#36048131: Multiple I-O DATA network devices incorporating "MagicalFinder" vulnerable to OS command injection

"MagicalFinder" provided by I-O DATA DEVICE, INC. is a IP address setting tool to for I-O DATA network devices such as routers, network cameras, strages, etc. Multiple I-O DATA network devices that incorporate "MagicalFinder" contain an OS command injection vulnerability CWE-78. Impact An attacke...

7.7CVSS6.9AI score0.00668EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/26 12:0 a.m.•35 views

JVN#92422409: The installer of the Ministry of Justice [The electronic authentication system based on the commercial registration system "The CRCA user's Software"] may insecurely load Dynamic Link Libraries

The electronic authentication system based on the commercial registration system "The CRCA user's Software" provided by the Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the...

8.8CVSS8.9AI score0.01356EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/25 12:0 a.m.•35 views

JVN#75514460: Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency may insecurely load Dynamic Link Libraries

Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact This vulnerability can be exploited when the following condition is met. ...

8.8CVSS8.8AI score0.01749EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/19 12:0 a.m.•35 views

JVN#12281353: Cybozu Garoon vulnerable to cross-site scripting

Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability CWE-79 due to an issue in "Messages" function of Cybozu Garoon Keitai. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the...

6.1CVSS6.3AI score0.01195EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/19 12:0 a.m.•35 views

JVN#13218253: Cybozu Garoon vulnerable to information disclosure

Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an information disclosure vulnerability CWE-200. Impact Cybozu Garoon uses HTTPS communication, therefore an attacker can not eavesdrop on communication under normal operations. However, if a user conducts a specific...

8.8CVSS8.2AI score0.00818EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/19 12:0 a.m.•35 views

JVN#17980240: Cybozu Garoon vulnerable to SQL injection

Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an SQL injection vulnerability CWE-89 due to an issue in "MultiReport" function. Impact A user may execute arbitrary SQL commands. Solution Update the Software Update to the latest version according to the information...

8.8CVSS9AI score0.01594EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/16 12:0 a.m.•35 views

JVN#71462075: Splunk Enterprise and Splunk Lite vulnerable to cross-site scripting

Splunk Enterprise and Splunk Lite contain a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser by an attacker who can log-in to the system as an administrator. Solution Update the Software Update to the latest version according t...

4.8CVSS4.8AI score0.00976EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/02 12:0 a.m.•35 views

JVN#48789425: Trend Micro Internet Security multiple vulnerabilities

Trend Micro Internet Security provided by Trend Micro Incorporated contains the following vulnerabilities. Access Restriction Flaw - CVE-2016-1225 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N| Base Score: 5.3 CVSS v2| AV:N/AC:L/Au:N/C:P/I:N/A:N| Base...

6.5CVSS6.8AI score0.03462EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 12:0 a.m.•35 views

JVN#37121456: Cybozu Garoon vulnerable to cross-site scripting

Cybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products...

6.1CVSS5.8AI score0.01009EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 12:0 a.m.•35 views

JVN#49285177: Cybozu Garoon vulnerable to cross-site scripting

Cybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products...

5.4CVSS5.4AI score0.00802EPSS
Exploits0
Total number of security vulnerabilities5000