Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/09/28 12:0 a.m.•31 views

JVN#63023305: InBody App vulnerable to information disclosure

InBody App provided by InBody Japan Inc. works with the household body composition analyzer InBody Dial manufactured and sold by InBody Japan Inc., and as a part of its functions, it manages and stores data such as weight, BMI, skeletal muscle mass, and fat mass measured by InBody Dial. InBody Ap...

5.3CVSS4.9AI score0.00753EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/02/13 12:0 a.m.•31 views

JVN#87403477: Application and self-extracting archive containing the application of "FLET'S v4 / v6 address selection tool" may insecurely load Dynamic Link Libraries

Application and self-extracting archive containing the application of "FLET'S v4 / v6 address selection tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitra...

7.8CVSS7.8AI score0.00928EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/07 12:0 a.m.•31 views

JVN#99737748: AppCheck may insecurely invoke an executable file

AppCheck provided by JIRANSOFT JAPAN, INC. is an anti-ransomware software. AppCheck and its installer contains an issue with the search path for executable files, which may lead to insecurely invoke an executable file CWE-427. Impact Arbitrary code may be executed with the privilege of the user...

9.3CVSS8.6AI score0.01651EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/06 12:0 a.m.•31 views

JVN#20870477: Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution

AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability. Impact When accessing a specially crafted URL, arbitrary code may be...

8.8CVSS8.9AI score0.01507EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/24 12:0 a.m.•31 views

JVN#50197114: smalruby-editor vulnerable to OS command injection

smalruby-editor provided by Ruby Programming Shounendan is web-based editor to create Ruby programs. smalruby-editor containts an OS command injection vulnerability CWE-78. Impact A remote attacker may execute arbitrary OS command on the server where smalruby-editor resides. Solution Update the...

10CVSS9.8AI score0.06183EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/07 12:0 a.m.•31 views

JVN#28151745: Sleipnir for Mac vulnerable to URL spoofing

Sleipnir for Mac provided by Fenrir Inc. contains a URL spoofing vulnerability due to a flaw in the page transition. Impact The displayed URL may be forged to conduct phishing attacks. Solution Update the Software Update to the latest version according to the information provided by the developer...

6.1CVSS6.1AI score0.00831EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/07 12:0 a.m.•31 views

JVN#39619137: Toshiba FlashAir does not require authentication in "Internet pass-thru Mode"

FlashAir by Toshiba Corporation is a SDHC memory card which provides "Internet pass-thru Mode", allowing devices to access the internet while connecting to FlashAir. When configured in "Internet pass-thru Mode", FlashAir acts both as a station and as an access point. When "Internet pass-thru Mode...

4.3CVSS5.2AI score0.00711EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/23 12:0 a.m.•31 views

JVN#42262137: simple chat vulnerable to cross-site scripting

simple chat provided by Let's PHP! contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products Affected simple...

6.1CVSS6AI score0.01176EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/16 12:0 a.m.•31 views

JVN#02576342: Cybozu Mailwise vulnerable to information disclosure

Cybozu Mailwise contains an information disclosure vulnerability in the mail view page. Impact When a user opens a specially crafted email, an attacker can notice that the user read the email. Solution Update the Software Update to the latest version according to the information provided by the...

4.3CVSS4.5AI score0.01586EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/07/20 12:0 a.m.•31 views

JVN#13582657: WordPress plugin "Nofollow Links" vulnerable to cross-site scripting

The WordPress plugin "Nofollow Links" contains a cross-site scripting CWE-79 vulnerability in nofollow-links.php. Impact An arbitrary script may be executed on the web browser of a user who is logged on as an administrator. Solution Update the plugin Update the plugin according to the information...

6.1CVSS6AI score0.01805EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/24 12:0 a.m.•31 views

JVN#43529183: Jetstar App for iOS fails to verify SSL server certificates

Jetstar App for iOS provided by Jetstar Airways Pty Ltd. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the application Update to the latest version according to the information provided ...

5.9CVSS5.3AI score0.00642EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/09 12:0 a.m.•31 views

JVN#85359294: WL-330NUL vulnerable to denial-of-service (DoS)

WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a denial-of-service DoS vulnerability. Impact An attacker who can access the product may be able to cause a denial-of-service DoS. Solution Update the Firmware Update the firmware to the latest version...

4.3CVSS4.4AI score0.00633EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/09 12:0 a.m.•31 views

JVN#69462495: WL-330NUL information management vulnerability

WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains an issue in information management. Impact An attacker that can access the product may obtain the WPA2-PSK passphrase. Solution Update the Firmware Update the firmware to the latest version according to th...

4.3CVSS4.4AI score0.00632EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/30 12:0 a.m.•31 views

JVN#35845584: Frame high-speed chat vulnerable to cross-site scripting

Frame high-speed chat provided by Let's PHP! contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an Update Update to the latest version according to the information provided by the developer. Products Affected...

6.1CVSS6AI score0.00765EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/17 12:0 a.m.•31 views

JVN#71088919: applican vulnerable to script injection

applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican is vulnerable to script injection due to an issue in processing SSID. Impact When an application built using applican processes a specially crafted SSID, an arbitrary scri...

4.3CVSS6.2AI score0.01171EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/30 12:0 a.m.•31 views

JVN#53973084: HTML::Scrubber vulnerable to cross-site scripting

HTML::Scrubber is a Perl module for scrubbing/sanitizing html. HTML::Scrubber contains a cross-site scripting vulnerability CWE-79. Impact If the function "comment" is enabled, an arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version...

2.6CVSS5.5AI score0.02092EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/29 12:0 a.m.•31 views

JVN#33179297: Enisys Gw vulnerable to arbitrary file creation

Enisys Gw provided by Techno Project Japan Co. is an open source groupware. Enisys Gw contains a vulnerability that may allow a remote attacker to create arbitrary files. Impact An arbitrary file created by a logged in attacker may result in arbitrary code being executed on the server. Solution...

6.5CVSS6.9AI score0.01959EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/09 12:0 a.m.•31 views

JVN#13456571: Dojo Toolkit vulnerable to cross-site scripting

Dojo Toolkit is a software to assist in building web applications. Dojo Toolkit contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by t...

4.3CVSS5.5AI score0.02224EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/30 12:0 a.m.•31 views

JVN#04855224: baserCMS fails to restrict access permissions

baserCMS is an open-source Contents Management System CMS. baserCMS contains a vulnerability where user settings may be changed when processing specially crafted request sent by an attacker logged into the system. Impact User information may be changed to arbitrary values by a logged in attacker...

6.5CVSS6.3AI score0.01551EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/16 12:0 a.m.•31 views

JVN#67586379: Reversi vulnerable to URL whitelist bypass

Reversi provided by Newphoria Corporation Inc. is an application for both iOS or Android built using "applican". Reversi contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Impact Android version of this app may allow an applican API to be...

6.8CVSS6.2AI score0.01093EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/09 12:0 a.m.•31 views

JVN#09758120: Cacti vulnerable to cross-site scripting

Cacti is a web application that graphs stored data collected from network devices. Cacti contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing parameters in graphview.php. Impact If a user views a malicious page while logged in, an arbitrary script may be executed on th...

4.3CVSS5.2AI score0.05739EPSS
Exploits6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/09 12:0 a.m.•31 views

JVN#05559185: MilkyStep vulnerable to OS command injection

MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains an OS command injection vulnerability CWE-78. Impact An arbitrary OS command may be executed by an attacker. Solution Update the Software Update to the latest version according to the...

7.5CVSS7AI score0.01615EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/09 12:0 a.m.•31 views

JVN#20879350: MilkyStep vulnerable to cross-site scripting

MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to th...

4.3CVSS5.9AI score0.01184EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/09 12:0 a.m.•31 views

JVN#52478686: MilkyStep vulnerable to SQL injection

MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a SQL injection vulnerability CWE-89. Impact An attacker who can access the product may execute an arbitrary SQL command. Solution Update the Software Update to the latest version accordin...

7.5CVSS7.4AI score0.01285EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/01 12:0 a.m.•31 views

JVN#07538357: EasyCTF vulnerable to cross-site scripting

EasyCTF is a server side CGI used to score CTF Capture The Flag. EasyCTF contains a cross-site scripting vulnerability CWE-79 that can be leveraged by an attacker created account. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the late...

3.5CVSS5.9AI score0.00954EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/02/20 12:0 a.m.•31 views

JVN#64455813: Squid input validation vulnerability

Squid is a caching proxy server. Squid contains a vulnerability where server responses that contain invalid values in the Content-Length of the HTTP header are sent to the client. Impact If a HTTP response with a specially crafted header is processed, it may result in a HTTP response splitting...

4.3CVSS7.4AI score0.04507EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/18 12:0 a.m.•31 views

JVN#09289074: WBS Gantt-Chart for JIRA vulnerable to cross-site scripting

WBS Gantt-Chart for JIRA provided by Ricksoft Inc. is an add-on for JIRA which provides WBS Work Breakdown Structure and Gantt-Chart features. WBS Gantt-Chart for JIRA contains a flaw in output page generation, which may lead to cross-site scripting CWE-79. Impact An arbitrary script may be...

3.5CVSS5.7AI score0.00936EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/11/11 12:0 a.m.•31 views

JVN#14691234: Multiple Cybozu products vulnerable to buffer overflow

Multiple products provided by Cybozu, Inc. contain a buffer overflow vulnerability CWE-119. Impact A remote attacker may cause a denial-of-service DoS or execute arbitrary code. Solution Update the Software Update to the latest version according to the information provided by the developer...

9CVSS7.4AI score0.03742EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/11/10 12:0 a.m.•31 views

JVN#65559247: OpenAM vulnerable to denial-of-service (DoS)

OpenAM provided by ForgeRock is an open source access management software. OpenAM contains a denial-of-service DoS vulnerability due to a flaw in processing Cookies CWE-400. Impact When an OpenAM system is running "site" configuration with multiple instances, an authenticated attacker may be able...

3.5CVSS5.9AI score0.01067EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/07/15 12:0 a.m.•31 views

JVN#97558950: Cybozu Garoon vulnerable to cross-site scritping

Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Map search", which may result in a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user that is logged on. Solution Update the...

3.5CVSS5.8AI score0.00936EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/07/15 12:0 a.m.•31 views

JVN#75990997: Cybozu Garoon vulnerable to access restriction bypass

Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Portlets", which may result in an access restriction bypass vulnerability CWE-264. Impact Portlets may be altered by another Cybozu Garoon user. Solution Update the Software Update to the lates...

4CVSS6.2AI score0.01107EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/06/20 12:0 a.m.•31 views

JVN#48805624: Usermin vulnerable to OS command injection

Usermin is a web-based interface used to manage webmail. Usermin contains an OS command injection vulnerability. Impact When a user that is logged into Usermin performs a specific action, an arbitrary command may be executed. Solution Update the software Update to the latest version according to...

6.8CVSS6.7AI score0.01295EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/06/11 12:0 a.m.•31 views

JVN#58029817: C-BOARD Moyuku vulnerable to cross-site scripting

C-BOARD Moyuku is a bulletin board software. C-BOARD Moyuku contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed in the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Produc...

4.3CVSS5.9AI score0.00931EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/02/26 12:0 a.m.•31 views

JVN#87797318: XooNIps vulnerable to cross-site scripting

XooNIps provided by Neuroinformatics Japan Center, RIKEN Brain Science Institute is a module of XOOPS. XooNIps contains an issue in processing the output of input character string to the web page, which may result in a cross-site scripting vulnerability. Impact An arbitrary script may be executed...

4.3CVSS5.9AI score0.01171EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/24 12:0 a.m.•31 views

JVN#49384502: SimZip (Simple Zip Viewer) vulnerable to directory traversal

SimZip Simple Zip Viewer provided by Gapless Player contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application...

4.3CVSS6.5AI score0.01505EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/07 12:0 a.m.•31 views

JVN#12513975: TOWN (modified version) vulnerable to cross-site scripting

TOWN modified version provided by Tattyan's HP contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an update Update to the latest version according to the information provided by the developer. Products Affected TOWN...

4.3CVSS5.9AI score0.01161EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/10/29 12:0 a.m.•31 views

JVN#74608669: RockDisk vulnerable to cross-site scripting

RockDisk provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. RockDisk contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Firmware Apply the firmware update provided by the developer. Products...

5.4CVSS5.3AI score0.01402EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/06/27 12:0 a.m.•31 views

JVN#85804149: CLIP-MAIL vulnerable to cross-site scripting

CLIP-MAIL provided by KENT-WEB contains an issue in the webpage output of strings entered in the form, which may result in a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version accordin...

4.3CVSS5.9AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/06/13 12:0 a.m.•31 views

JVN#53622030: Orchard vulnerable to cross-site scripting

Orchard is a content management system CMS. Orchard contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software or apply a patch Update to the latest version or apply the appropriate patch according to the...

4.3CVSS5.9AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/06/11 12:0 a.m.•31 views

JVN#99813183: Galapagos Browser vulnerable in the WebView class

Galapagos Browser is a web browser for Android devices. Galapagos Browser contains a vulnerability in the WebView class. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. Solution Do not use Galapagos...

4.3CVSS6.2AI score0.00893EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/03/18 12:0 a.m.•31 views

JVN#41022517: VxWorks Web Server vulnerable to denial-of-service (DoS)

The VxWorks Web Server contains a denial-of-service DoS vulnerability. Impact When a user accesses the VxWorks Web Server using a specially crafted URL, the server may crash. Solution Apply a patch Apply the appropriate patch according to the information provided by the developer. Products Affect...

5CVSS6.1AI score0.02374EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/02/08 12:0 a.m.•31 views

JVN#07629635: Cybozu Garoon vulnerable to SQL injection

Cybozu Garoon provided by Cybozu is a groupware. Cybozu Garoon contains an SQL injection vulnerability. Impact A user with the "logging" permission may obtain information managed by the product. Solution Update the Software Update to the latest version according to the information provided by the...

6CVSS7.2AI score0.00967EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/08/08 12:0 a.m.•31 views

JVN#99730704: Sleipnir Mobile for Android vulnerable to arbitrary Java method execution

Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an arbitrary Java method execution vulnerability. Impact When opening a specially crafted website, an attacker may be able to execute an arbitrary Java method. As a result, information stored in...

6.8CVSS6.8AI score0.02031EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/06/19 12:0 a.m.•31 views

JVN#36993373: SmallPICT vulnerable to cross-site scripting

SmallPICT is a bulletin-board software. SmallPICT contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affecte...

4.3CVSS5.9AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/03/13 12:0 a.m.•31 views

JVN#31860555: twicca fails to restrict access permissions

twicca is a client software for using Twitter. twicca contains an issue where access permissions are not restricted. Impact Android applications without permissions for network access may upload image files with the privileges of twicca. Solution Update the Software Apply the latest update for ea...

5CVSS6.4AI score0.01563EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/12/22 12:0 a.m.•31 views

JVN#76515037: PukiWiki Plus! vulnerable to cross-site scripting

PukiWiki Plus! is a software that adds wiki functionality to websites. PukiWiki Plus! contains a vulnerability in handling web form entries, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the...

4.3CVSS6.3AI score0.01135EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/11/21 12:0 a.m.•31 views

JVN#48839888: Nikki vulnerable to OS command injection

Nikki from HP no Mawashimono is a CGI software for posting diary entries. Nikki contains an OS command injection vulnerability. Impact An arbitrary OS command may be executed with the privileges of the web server. Solution Update the software Update to the latest version according to the...

7.5CVSS7AI score0.02262EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/12/01 12:0 a.m.•31 views

JVN#76662040: Clipboard contents alteration vulnerability in Grani

Grani, a web browser provided by Fenrir, contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Grani is being used under certain settings, the contents of the clipboard may be read or written from a website. Impact Contents contained in the clipboard ma...

5.8CVSS6.1AI score0.00867EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/04/02 12:0 a.m.•31 views

JVN#60969543 HL-SiteManager vulnerable to SQL injection

HL-SiteManager from Heartlogic is a contents management system CMS software. HL-SiteManager contains a SQL injection vulnerability. Impact A remote attacker may view or modify information stored by the product. Solution Do not use HL-SiteManager As patches will not be provided, users are...

7.5CVSS6.9AI score0.01063EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/11/04 12:0 a.m.•31 views

JVN#75694913 Roundcube Webmail vulnerable to cross-site request forgery

Roundcube Webmail is an open source webmail client from the Roundcube Webmail Project. Roundcube Webmail contains a cross-site request forgery vulnerability. This issue is different from JVN33820033 and JVN72974205. Impact An attacker may be able to send arbitrary emails. Solution Update the...

6.8CVSS6AI score0.01342EPSS
Exploits0
Total number of security vulnerabilities5000