Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/06/01 12:0 a.m.•32 views

JVN#29083866: Segue vulnerable to cross-site scripting

Segue is a content management system. Segue contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Segue Segue services will no longer be available after August 31, 2012. Refer to the information provided by the...

4.3CVSS5.9AI score0.01404EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/05/15 12:0 a.m.•32 views

JVN#63941302: WEB MART from KENT-WEB vulnerable to cross-site scripting

WEB MART provided by KENT-WEB is a system for creating shopping websites. WEB MART contains a vulnerability when using Microsoft IE's CSS expressions, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Updat...

2.6CVSS6.2AI score0.01783EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/04/05 12:0 a.m.•32 views

JVN#92830293: TOSHIBA TEC e-Studio series vulnerable to authentication bypass

e-Studio is a multi-function peripheral MFP. Multiple e-Studio series products contain a vulnerability in web-based management utility, which may result in an authentication bypass. Impact An attacker that can access the product may log in with administrative privileges. As a result, settings may...

10CVSS6.5AI score0.04725EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/01/11 12:0 a.m.•32 views

JVN#63249231: Cogent DataHub vulnerable to HTTP header injection

Cogent DataHub provided by Cogent Real-Time Systems Inc. contains a HTTP header injection vulnerability also known as CRLF, carriage return line feed, injection vulnerability. Impact If a remote attacker sends a crafted HTTP header to a vulnerable system, forged information may be displayed on th...

5.8CVSS6.4AI score0.01512EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/07 12:0 a.m.•32 views

JVN#34980730: A-Form vulnerable in restricting access

A-Form is a plug-in for Movable Type that adds mail forms and survey forms. A-Form contains a vulnerability in restricting access permissions. Impact Information managed by A-Form may be altered by a user who does not have administrative privileges. Solution Update the Software Update to the late...

5.5CVSS6.1AI score0.01263EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/09/30 12:0 a.m.•32 views

JVN#16617002: BaserCMS vulnerable to access restriction

BaserCMS is an open-source Contents Management System CMS. BaserCMS contains a vulnerability in access restriction where adding a user in the user group "operators" which is created by default when BaserCMS is installed. Impact Users without administrative privileges may obtain administrative...

4.9CVSS6.2AI score0.01344EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/09/16 12:0 a.m.•32 views

JVN#28973089: SemanticScuttle vulnerable to cross-site scripting

SemanticScuttle is a social bookmarking tool. SemanticScuttle contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer...

4.3CVSS5.9AI score0.01263EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/29 12:0 a.m.•32 views

JVN#43105011: Android vulnerability where an incorrect SSL certificate is displayed

Android OS contains a vulnerability where a SSL certificate from an outside site is displayed when a user attempts to display a SSL certificate from a site that reads in contents from an outside site. Impact An attacker may trick the user into believing the site being visited is safe, which may...

4.3CVSS6AI score0.00787EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/15 12:0 a.m.•32 views

JVN#86220950: Google Search Appliance vulnerable to cross-site scripting

Google Search Appliance from Google is a product that provides searching services for an intranet service or a website. Google Search Appliance contains a cross-site scripting vulnerability. Impact An arbitrary script may executed on the user's web browser. Solution Update the software Update to...

4.3CVSS6AI score0.00489EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/05 12:0 a.m.•32 views

JVN#17844633: XnView may insecurely load executable files

XnView is a software for viewing and converting graphic files. XnView loads certain executables when using the "Open containing folder" function. XnView contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the...

6.9CVSS7.1AI score0.00344EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/29 12:0 a.m.•32 views

JVN#01547302: ALZip vulnerable to buffer overflow

ALZip is a file compression/extraction software from ESTsoft Japan Corp. ALZip contains a buffer overflow vulnerability due to improper handling of mim files. Impact When opening a specially crafted file, arbitrary code may be executed. Solution Re-install the software Download ALZip 8.21 after...

9.3CVSS7.1AI score0.05539EPSS
Exploits4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/10 12:0 a.m.•32 views

JVN#29212182: Java Web Start may insecurely load policy files

Java Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE Java Runtime Environment Java Web Start contains an issue with the file search path, which may insecurely load policy files. Impact An attacker may execute arbitrary code with the...

7.6CVSS8.7AI score0.02347EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/05/25 12:0 a.m.•32 views

JVN#45658190: Movable Type vulnerable to cross-site scripting

Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability due to an issue in the management screen. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Impact An arbitrary script may be executed on the user's web browser...

4.3CVSS6AI score0.0105EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/03/25 12:0 a.m.•32 views

JVN#99977321: Picasa may insecurely load executable files

Picasa is a software for viewing and managing photos. Picasa loads certain executables when using the "Locate on Disk" function. Picasa contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privilege of the runni...

6.9CVSS7.1AI score0.0032EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/01/11 12:0 a.m.•32 views

JVN#50704770: Aipo vulnerable to SQL injection

Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a SQL injection vulnerability. Impact Contents that are managed by Aipo may be viewed by a user that can login to Aipo. Solution Update the Software Update to the latest version...

7.5CVSS7.1AI score0.01299EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/11/09 12:0 a.m.•32 views

JVN#48425028: Flash Player access restriction bypass vulnerability

When Flash Player references a different website than the site where Flash contents are hosted, the referenced site must be allowed access by the cross-domain policy file. Flash Player contains a vulnerability where access restrictions set by the cross-domain policy file may be bypassed. Impact...

9.3CVSS8.1AI score0.05256EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/04/08 12:0 a.m.•32 views

JVN#19774883 MODx vulnerable to SQL injection

MODx provided by the MODx CMS Project is a Contents Management System CMS software. MODx contains a SQL injection vulnerability. Impact A remote attacker may view or modify information stored by the product. Solution Update the Software Update to the latest version according to the information...

7.5CVSS6.9AI score0.01096EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/02/25 12:0 a.m.•32 views

JVN#73331060 tDiary plugin tb-send.rb vulnerable to cross-site scripting

tDiary is a weblog software. tDiary plugin tb-send.rb contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on some web browsers. Solution Update the Software Update according to the information provided by the developer. Products Affected tDiary 2.2.2full set...

4.3CVSS5.5AI score0.01996EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/12/08 12:0 a.m.•32 views

JVN#85821104 Active! mail 2003 session ID disclosure vulnerability

Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a vulnerability in which session IDs may be disclosed. Impact A remote attacker could impersonate a user of Active! mail 2003. As a result, the user's email may be viewed or configurations may be...

5.8CVSS6.2AI score0.01083EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/10/20 12:0 a.m.•32 views

JVN#33822756 Canon IT Solutions Inc. ACCESSGUARDIAN vulnerable to cross-site scripting

Canon IT Solutions Inc. ACCESSGUARDIAN is a web security gateway. ACCESSGUARDIAN contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by...

4.3CVSS5.9AI score0.01801EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/09/18 12:0 a.m.•32 views

JVN#65914253 Directory traversal vulnerability in multiple phpspot products

Multiple products BBS Software etc. provided by phpspot contain a directory traversal vulnerablility. Impact A remote attacker could view files on the server where the product is installed. This could lead to disclosure of contents. Solution Update the software Update to latest version according ...

5CVSS6.3AI score0.01505EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/08/21 12:0 a.m.•32 views

JVN#20478978 Site Calendar 'mycaljp' vulnerable to cross-site scripting

Site Calendar 'mycaljp' is a calendar plugin for Geeklog, which is an open source content management system. Site Calendar 'mycaljp' contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the late...

4.3CVSS5.9AI score0.01065EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/08/19 12:0 a.m.•32 views

JVN#21388501 ColdFusion vulnerable to cross-site scripting

ColdFusion from Adobe is a software to develop web applications. ColdFusion contains a cross-site scripting vulnerability. This vulnerability is different from JVN28356427 and JVN48566866. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the...

4.3CVSS5.8AI score0.01773EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/05/11 12:0 a.m.•32 views

JVN#43233160 Cross-site scripting vulnerability in SKIP from SKIP User Group

SKIP from SKIP User Group is an open source SNS Social Networking Service software. SKIP contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on certain web browsers. Solution Update the software Update to the latest version according to the information provid...

4.3CVSS5.8AI score0.01223EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/04/07 12:0 a.m.•32 views

JVN#33846134 Ichitaro series buffer overflow vulnerability

The "Ichitaro" series word processing software, from JustSystems Corporation, contains an issue in the reading of Rich Text Files resulting in a buffer overflow vulnerability. When a user opens a specially crafted file locally or through a website, arbitrary code may be executed with privleges of...

9.3CVSS7.7AI score0.03475EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/01/07 12:0 a.m.•32 views

JVN#36802959 MyNETS cross-site scripting vulnerability

MyNETS from Usagi Project is an open source SNS Social Networking Service software. MyNETS contains a cross-site scripting vulnerability. Impact If a user views a specially crafted web page, an arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the...

4.3CVSS5.8AI score0.01065EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/06/27 12:0 a.m.•32 views

JVN#18700809 Cybozu Garoon session fixation vulnerability

Cybozu Garoon, a groupware from Cybozu, contains a session fixation vulnerability which may allow an attacker to impersonate a user when the user logs into Cybozu Garoon using a session ID provided by the attacker. Impact A remote attacker impersonating a logged in user may execute arbitrary code...

6.8CVSS7.3AI score0.01524EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/12/04 12:0 a.m.•32 views

JVN#66291445 SonicStage CP buffer overflow vulnerability

Sony SonicStage CP is software for music management. SonicStage CP contains a vulnerability that can be exploited to cause a buffer overflow when importing a specially crafted playlist file with the .m3u extension. Impact Importing a specially crafted playlist file with the .m3u extension can cau...

9.3CVSS7.7AI score0.10919EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/06/01 12:0 a.m.•32 views

JVN#38605899 Mozilla Firefox cross-site scripting vulnerability

Mozilla Firefox interprets HTML data improperly and activates event handlers for invalid HTML elements, leading to a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Upgrade the Software Mozilla has released Firefox 2.0.0.2 and...

4.3CVSS8.8AI score0.0213EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/05/08 12:0 a.m.•32 views

JVN#44724673: Java Web Start vulnerable to execution of unauthorized system classes

Java Web Start, included in the JRE Java Runtime Environment and other products, is a tool for distributing Java applications over the web. A vulnerability exists in an implementation of Java Web Start which may allow Java Web Start Application including a malformed JAR file to execute an...

10CVSS6.8AI score0.04959EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/12/04 12:0 a.m.•32 views

JVN#84798830 Denial of service vulnerability in Ruby CGI library (cgi.rb)

Impact A remote attacker could possibly conduct a DoS attack on a Ruby server by sending it a specially crafted request. Solution Products Affected 1.8 series 1.8.5 and all previous versions Developer version 1.9 series 2006-12-04 and all previous versions For more information, refer to the...

5CVSS7.3AI score0.04071EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/08/06 12:0 a.m.•31 views

JVN#29845579: Cybozu Office vulnerable to bypass browsing restrictions in Custom App

Cybozu Office provided by Cybozu, Inc. contains a vulnerability which allows to bypass browsing restrictions in Custom App CWE-201. Impact A user who can login to the product may view data that the user does not have access by conducting 'search' under certain conditions. Solution Update the...

6.5CVSS6.3AI score0.00417EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/03 12:0 a.m.•31 views

JVN#43215077: Multiple vulnerabilities in UNIVERSAL PASSPORT RX

UNIVERSAL PASSPORT RX provided by Japan System Techniques Co., Ltd. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4 CVE-2023-42427 Dependency on vulnerable third-party component CWE-1395 Known vulnerability in...

6.5CVSS6.7AI score0.00289EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/07 12:0 a.m.•31 views

JVN#44033918: Zeroshell vulnerable to OS command injection

The web interface of Zeroshell, Linux distribution provided by Zeroshell.org, contains an OS command injection vulnerability CWE-78. Impact Processing a crafted HTTP request may lead to an arbitrary OS command execution. Solution Stop using the product The developer states that the affected produ...

10CVSS9.5AI score0.36672EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/12 12:0 a.m.•31 views

JVN#36060509: "WPS Office" vulnerable to OS command injection

"WPS Office" which was provided by KINGSOFT JAPAN, INC. contains an OS command injection vulnerability CWE-78. Impact If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may be...

8.1CVSS8.2AI score0.0106EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/12 12:0 a.m.•31 views

JVN#11705010: Beekeeper Studio vulnerable to code injection

Beekeeper Studio provided by Beekeeper Studio, Inc. contains a code injection vulnerability CWE-74. Impact A remote authenticated attacker may execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is installed. As a result, an arbitrary OS...

8.8CVSS8.7AI score0.01388EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/02/22 12:0 a.m.•31 views

JVN#18765463: Multiple cross-site scripting vulnerabilities in SHIRASAGI

SHIRASAGI provided by SHIRASAGI Project contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability on Schedule function CWE-79 - CVE-2023-22425 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...

5.4CVSS5.5AI score0.00831EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/02/10 12:0 a.m.•31 views

JVN#60320736: NEC PC Settings Tool vulnerable to missing authentication for critical function

PC Settings Tool is an application pre-installed on computers provided by NEC by default. PC Settings Tool Library contained in the application is vulnerable to missing authentication for critical function CWE-306. Impact A general user of the computer which the affected product is installed may...

7.8CVSS7.7AI score0.00165EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/09/28 12:0 a.m.•31 views

JVN#63023305: InBody App vulnerable to information disclosure

InBody App provided by InBody Japan Inc. works with the household body composition analyzer InBody Dial manufactured and sold by InBody Japan Inc., and as a part of its functions, it manages and stores data such as weight, BMI, skeletal muscle mass, and fat mass measured by InBody Dial. InBody Ap...

5.3CVSS4.9AI score0.00753EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/02/13 12:0 a.m.•31 views

JVN#87403477: Application and self-extracting archive containing the application of "FLET'S v4 / v6 address selection tool" may insecurely load Dynamic Link Libraries

Application and self-extracting archive containing the application of "FLET'S v4 / v6 address selection tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitra...

7.8CVSS7.8AI score0.00928EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/07 12:0 a.m.•31 views

JVN#99737748: AppCheck may insecurely invoke an executable file

AppCheck provided by JIRANSOFT JAPAN, INC. is an anti-ransomware software. AppCheck and its installer contains an issue with the search path for executable files, which may lead to insecurely invoke an executable file CWE-427. Impact Arbitrary code may be executed with the privilege of the user...

9.3CVSS8.6AI score0.01651EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/07 12:0 a.m.•31 views

JVN#39619137: Toshiba FlashAir does not require authentication in "Internet pass-thru Mode"

FlashAir by Toshiba Corporation is a SDHC memory card which provides "Internet pass-thru Mode", allowing devices to access the internet while connecting to FlashAir. When configured in "Internet pass-thru Mode", FlashAir acts both as a station and as an access point. When "Internet pass-thru Mode...

4.3CVSS5.2AI score0.00711EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/23 12:0 a.m.•31 views

JVN#42262137: simple chat vulnerable to cross-site scripting

simple chat provided by Let's PHP! contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products Affected simple...

6.1CVSS6AI score0.01176EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/16 12:0 a.m.•31 views

JVN#02576342: Cybozu Mailwise vulnerable to information disclosure

Cybozu Mailwise contains an information disclosure vulnerability in the mail view page. Impact When a user opens a specially crafted email, an attacker can notice that the user read the email. Solution Update the Software Update to the latest version according to the information provided by the...

4.3CVSS4.5AI score0.01586EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/07/20 12:0 a.m.•31 views

JVN#13582657: WordPress plugin "Nofollow Links" vulnerable to cross-site scripting

The WordPress plugin "Nofollow Links" contains a cross-site scripting CWE-79 vulnerability in nofollow-links.php. Impact An arbitrary script may be executed on the web browser of a user who is logged on as an administrator. Solution Update the plugin Update the plugin according to the information...

6.1CVSS6AI score0.01805EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/24 12:0 a.m.•31 views

JVN#43529183: Jetstar App for iOS fails to verify SSL server certificates

Jetstar App for iOS provided by Jetstar Airways Pty Ltd. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the application Update to the latest version according to the information provided ...

5.9CVSS5.3AI score0.00642EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/09 12:0 a.m.•31 views

JVN#85359294: WL-330NUL vulnerable to denial-of-service (DoS)

WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a denial-of-service DoS vulnerability. Impact An attacker who can access the product may be able to cause a denial-of-service DoS. Solution Update the Firmware Update the firmware to the latest version...

4.3CVSS4.4AI score0.00633EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/09 12:0 a.m.•31 views

JVN#69462495: WL-330NUL information management vulnerability

WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains an issue in information management. Impact An attacker that can access the product may obtain the WPA2-PSK passphrase. Solution Update the Firmware Update the firmware to the latest version according to th...

4.3CVSS4.4AI score0.00632EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/30 12:0 a.m.•31 views

JVN#35845584: Frame high-speed chat vulnerable to cross-site scripting

Frame high-speed chat provided by Let's PHP! contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an Update Update to the latest version according to the information provided by the developer. Products Affected...

6.1CVSS6AI score0.00765EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/17 12:0 a.m.•31 views

JVN#71088919: applican vulnerable to script injection

applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican is vulnerable to script injection due to an issue in processing SSID. Impact When an application built using applican processes a specially crafted SSID, an arbitrary scri...

4.3CVSS6.2AI score0.01171EPSS
Exploits0
Total number of security vulnerabilities5000