Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/03/04 12:0 a.m.•30 views

JVN#33214411: i-FILTER vulnerable to improper check for certificate revocation

i-FILTER provided by Digital Arts Inc. is vulnerable to improper check for certificate revocation CWE-299 . Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the software and add settings Update the software to the latest version...

4.3CVSS4AI score0.00969EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/02/04 12:0 a.m.•30 views

JVN#67396225: CSV+ vulnerable to cross-site scripting

CSV+ provided by Plus one is a tabbed CSV editor. CSV+ contains a cross-site scripting vulnerability CWE-79. Impact If a CSV file containing a tag is loaded and the link is clicked by the user of the software, an arbitrary script or OS command may be executed. Solution Update the Software Update...

9.6CVSS8.9AI score0.03174EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/11/10 12:0 a.m.•30 views

JVN#68066589: WordPress Plugin "Booking Package - Appointment Booking Calendar System" vulnerable to cross-site scripting

WordPress Plugin "Booking Package - Appointment Booking Calendar System" provided by Saasproject contains a cross-site scripting vulnerability CWE-79 due to the flaw in handling some URL query parameters. Impact An arbitrary script may be executed on the web browser of the user who is accessing t...

6.1CVSS6AI score0.01243EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/06 12:0 a.m.•30 views

JVN#20870477: Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution

AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability. Impact When accessing a specially crafted URL, arbitrary code may be...

8.8CVSS8.9AI score0.01507EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/01 12:0 a.m.•30 views

JVN#82619692: Access CX App fails to verify SSL server certificates

Access CX App provided by NISSAN SECURITIES CO., LTD. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provided by...

5.9CVSS5.3AI score0.00642EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/17 12:0 a.m.•30 views

JVN#86200862: Self-Extracting Archives created by 7-ZIP32.DLL may insecurely load Dynamic Link Libraries

7-ZIP32.DLL is an open source library for compressing and decompressing 7z and zip format files. It can also create self-extracting archive files. Self-extracting archive files created by 7-ZIP32.DLL contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link...

7.8CVSS7.7AI score0.00816EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/09 12:0 a.m.•30 views

JVN#87662835: Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to DNS rebinding

AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a DNS rebinding vulnerability. Impact If a user accesses a malicious web page, arbitrary code may be...

6.8CVSS6.5AI score0.00956EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/09 12:0 a.m.•30 views

JVN#39008927: Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to cross-site request forgery

AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in,...

8.8CVSS8.6AI score0.00769EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/27 12:0 a.m.•30 views

JVN#81618356: CubeCart vulnerable to directory traversal

CubeCart from CubeCart Limited is an open source system for creating online shopping websites. CubeCart contains a directory traversal vulnerability CWE-22. Impact A local file on the server may be accessed by a remote attacker. Solution Update the Software Update to the latest version according ...

6.5CVSS6.4AI score0.0247EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/24 12:0 a.m.•30 views

JVN#50197114: smalruby-editor vulnerable to OS command injection

smalruby-editor provided by Ruby Programming Shounendan is web-based editor to create Ruby programs. smalruby-editor containts an OS command injection vulnerability CWE-78. Impact A remote attacker may execute arbitrary OS command on the server where smalruby-editor resides. Solution Update the...

10CVSS9.8AI score0.06183EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/11 12:0 a.m.•30 views

JVN#19241292: Cybozu Remote Service Manager fails to verify client certificates

Remote Service Manager provided by Cybozu, Inc. is a software to access internal systems such as Cybozu products via "Cybozu Remote Service". Remote Service Manager fails to verify client certificates. Impact A user may access internal web systems that do not allow access from external network. A...

4.9CVSS4.4AI score0.0045EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/07 12:0 a.m.•30 views

JVN#28151745: Sleipnir for Mac vulnerable to URL spoofing

Sleipnir for Mac provided by Fenrir Inc. contains a URL spoofing vulnerability due to a flaw in the page transition. Impact The displayed URL may be forged to conduct phishing attacks. Solution Update the Software Update to the latest version according to the information provided by the developer...

6.1CVSS6.1AI score0.00831EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/11/25 12:0 a.m.•30 views

JVN#05493467: Simple keitai chat vulnerable to cross-site scripting

Simple keitai chat provided by LEMON-S PHP contains reflected and stored cross-site scripting vulnerabilities CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Simple keitai chat Simple keitai chat is no longer being developed or maintained. It is...

6.1CVSS6.3AI score0.00872EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/03 12:0 a.m.•30 views

JVN#10092452: Cybozu Office vulnerable to denial-of-service (DoS)

Cybozu Office contains a denial-of-service DoS vulnerability. Impact An attacker may be able to cause a denial-of-service DoS that consumes system resources. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affected Cybozu...

6.8CVSS6.2AI score0.02265EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/03 12:0 a.m.•30 views

JVN#11288252: Cybozu Office vulnerable to Reflected File Download (RFD)

Cybozu Office contains a Reflected File Download RFD vulnerability. Impact If a user accesess a malicious page while logged in, unintended files may be downloaded. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affected...

3.5CVSS3.8AI score0.0096EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/24 12:0 a.m.•30 views

JVN#94816361: YoruFukurou (NightOwl) vulnerable to denial-of-service (DoS)

YoruFukurou NightOwl is a Twitter client application for OS X. YoruFukurou uses OS X API CTFramesetter to render text contents. CTFramesetter has a problem in processing a certain emoji character sequence, which may cause YoruFukurou to crash. This problem was verified on OS X v10.9 Mavericks. Th...

6.5CVSS6.4AI score0.01741EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/29 12:0 a.m.•30 views

JVN#30260727: Sushiro App fails to verify SSL server certificates

Sushiro App provided by AKINDO SUSHIRO CO., LTD. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provided by the...

5.9CVSS5.3AI score0.00953EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/24 12:0 a.m.•30 views

JVN#95082904: WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting

WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the develope...

6.1CVSS6AI score0.01491EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/01/29 12:0 a.m.•30 views

JVN#26921563: JOB-CUBE vulnerable to cross-site scripting

JOB-CUBE provided by WEBSQUARE Co.,Ltd. is software to build websites. JOB-CUBE contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the administrator's web browser. Solution Update the Software Update to the latest version according to the informati...

5.4CVSS5.3AI score0.0085EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/01/22 12:0 a.m.•30 views

JVN#49225722: Multiple Buffalo network devices vulnerable to cross-site scripting

Multiple network devices provided by BUFFALO INC. contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the firmware Update the firmware according to the information provided by the developer. Products Affecte...

6.1CVSS6.1AI score0.00765EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/25 12:0 a.m.•30 views

JVN#51349622: CG-WLBARGS does not properly perform authentication

CG-WLBARGS provided by Corega Inc is a wireless LAN router. CG-WLBARGS does not properly perform authentication. Impact An attacker who can access the product may log in with administrative privileges. As a result, an arbitrary administrative operations may be executed. Solution Apply a Workaroun...

10CVSS9.3AI score0.02761EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/07 12:0 a.m.•30 views

JVN#70083512: Web Analytics Service vulnerable to cross-site scripting

The JavaScript module for using Web Analytics Service which was provided by NTT DATA Smart Sourcing Corporation contains a cross-site scripting vulnerability CWE-79 due to a flaw in escaping process. According to the developer, this script was distributed from 26 November, 2003 to 9 July, 2013...

6.1CVSS6AI score0.0102EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/17 12:0 a.m.•30 views

JVN#29141986: Gurunavi App for iOS fails to verify SSL server certificates

Gurunavi App for iOS provided by Gurunavi, Inc. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the...

5.9CVSS5.3AI score0.00953EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/30 12:0 a.m.•30 views

JVN#53973084: HTML::Scrubber vulnerable to cross-site scripting

HTML::Scrubber is a Perl module for scrubbing/sanitizing html. HTML::Scrubber contains a cross-site scripting vulnerability CWE-79. Impact If the function "comment" is enabled, an arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version...

2.6CVSS5.5AI score0.02092EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/08/07 12:0 a.m.•30 views

JVN#29053368: Yodobashi App for Android fails to verify SSL server certificates

Yodobashi App for Android provided by Yodobashi Camera Co.,Ltd. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information...

5.9CVSS5.5AI score0.00828EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/29 12:0 a.m.•30 views

JVN#46674982: yoyaku_v41 vulnerable to arbitrary file creation

yoyakuv41 provided by Webservice-DIC is a software to manage conference room reservations. yoyakuv41 contains a vulnerability that may allow a remote attacker to create arbitrary files CWE-20. Impact An arbitrary file created by an attacker may result in arbitrary code being executed on the serve...

7.5CVSS7.1AI score0.02288EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/09 12:0 a.m.•30 views

JVN#09758120: Cacti vulnerable to cross-site scripting

Cacti is a web application that graphs stored data collected from network devices. Cacti contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing parameters in graphview.php. Impact If a user views a malicious page while logged in, an arbitrary script may be executed on th...

4.3CVSS5.2AI score0.05739EPSS
Exploits6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/09 12:0 a.m.•30 views

JVN#52478686: MilkyStep vulnerable to SQL injection

MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a SQL injection vulnerability CWE-89. Impact An attacker who can access the product may execute an arbitrary SQL command. Solution Update the Software Update to the latest version accordin...

7.5CVSS7.4AI score0.01285EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/09 12:0 a.m.•30 views

JVN#20879350: MilkyStep vulnerable to cross-site scripting

MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to th...

4.3CVSS5.9AI score0.01184EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/26 12:0 a.m.•30 views

JVN#74547976: Fumy Teacher's Schedule Board vulnerable to cross-site scripting

Fumy Teacher's Schedule Board provided by Nishishi Factory is a CGI program that displays schedules. Fumy Teacher's Schedule Board contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest...

4.3CVSS5.9AI score0.01184EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/02/27 12:0 a.m.•30 views

JVN#34790526: checkpw vulnerable to denial-of-service (DoS)

checkpw is a password authentication program. checkpw contains a denial-of-service DoS vulnerability due to a flaw in processing account names CWE-400. Impact A remote attacker may be able to cause a denial-of-service DoS. Solution Update the Software Update to the latest version according to the...

5CVSS6.2AI score0.02427EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/02/17 12:0 a.m.•30 views

JVN#73261710: C-BOARD Moyuku vulnerable to arbitrary file creation

C-BOARD Moyuku is a bulletin board software. C-BOARD Moyuku contains a vulnerability that may allow a remote attacker to create arbitrary files. Impact A remote attacker creating arbitrary files may result in arbitrary code execution on the server. Solution Update the Software Update to the lates...

7.5CVSS7.2AI score0.02673EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/01/30 12:0 a.m.•30 views

JVN#13566542: Cybozu Remote Service Manager vulnerable to denial-of-service (DoS)

Remote Service Manager provided by Cybozu, Inc. is a software to access internal systems such as Cybozu products via "Cybozu Remote Service". Remote Service Manager contains a denial-of-service DoS vulnerability. Note that this vulnerability was caused due to an incomplete fix of JVN10319260...

7.8CVSS6.6AI score0.01799EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/02 12:0 a.m.•30 views

JVN#06302787: OS command injection vulnerability in multiple FUJITSU Android devices

Multiple FUJITSU Android devices contain an OS command injection vulnerability. Impact An attacker with local access may obtain root privileges and execute arbitrary OS commands. Solution Apply an Update Apply the appropriate update according to the information provided by the provider. Products...

7.2CVSS7.3AI score0.00444EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/01 12:0 a.m.•30 views

JVN#04895240: SEIL Series routers vulnerable to denial-of-service (DoS)

The PPP Access Concentrator PPPAC and the Dial-Up Networking in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service DoS vulnerability due to an issue in processing certain packets CWE-119. Impact By receiving a specially crafted packet, the device may be...

7.8CVSS6.5AI score0.01799EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/11/11 12:0 a.m.•30 views

JVN#14691234: Multiple Cybozu products vulnerable to buffer overflow

Multiple products provided by Cybozu, Inc. contain a buffer overflow vulnerability CWE-119. Impact A remote attacker may cause a denial-of-service DoS or execute arbitrary code. Solution Update the Software Update to the latest version according to the information provided by the developer...

9CVSS7.4AI score0.03742EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/10/16 12:0 a.m.•30 views

JVN#66285408: Aflax vulnerable to cross-site scripting

Aflax is a JavaScript library that enables developers to use JavaScript to fully utilize all of the features of the Adobe Flash runtime. Aflax contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Aflax According t...

4.3CVSS6AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/09/25 12:0 a.m.•30 views

JVN#48270605: Yahoo! Japan Box for Android issue where it fails to verify SSL server certificates

Yahoo! Japan Box for Android provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version...

5.4CVSS6.2AI score0.00354EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/07/29 12:0 a.m.•30 views

JVN#85748534: PerlMailer vulnerable to cross-site scripting

PerlMailer from Homepage Decorator is a mail form CGI which is used to send mail from a form on a web page. PerlMailer CGI scripts contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest upda...

4.3CVSS6.1AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/06/20 12:0 a.m.•30 views

JVN#48805624: Usermin vulnerable to OS command injection

Usermin is a web-based interface used to manage webmail. Usermin contains an OS command injection vulnerability. Impact When a user that is logged into Usermin performs a specific action, an arbitrary command may be executed. Solution Update the software Update to the latest version according to...

6.8CVSS6.7AI score0.01295EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/06/11 12:0 a.m.•30 views

JVN#58029817: C-BOARD Moyuku vulnerable to cross-site scripting

C-BOARD Moyuku is a bulletin board software. C-BOARD Moyuku contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed in the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Produc...

4.3CVSS5.9AI score0.00931EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/06/04 12:0 a.m.•30 views

JVN#54650130: SOY CMS vulnerable to cross-site scripting

SOY CMS provided by Nippon Institute of Agroinformatics Ltd. is an open source content management system CMS. SOY CMS contains a cross-site scripting vulnerability. Impact If a user views a malicious page while logged in, an arbitrary script may be executed on the user's web browser. Solution App...

4.3CVSS5.9AI score0.00931EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/02/26 12:0 a.m.•30 views

JVN#87797318: XooNIps vulnerable to cross-site scripting

XooNIps provided by Neuroinformatics Japan Center, RIKEN Brain Science Institute is a module of XOOPS. XooNIps contains an issue in processing the output of input character string to the web page, which may result in a cross-site scripting vulnerability. Impact An arbitrary script may be executed...

4.3CVSS5.9AI score0.01171EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/22 12:0 a.m.•30 views

JVN#17849447: EC-CUBE vulnerable to information alteration

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information alteration vulnerability. Impact User's information may be altered by other user who visits the shopping site. Solution Apply the update or the patch Apply the update or the patch...

6.4CVSS6.3AI score0.01569EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/25 12:0 a.m.•30 views

JVN#81706478: Cybozu Garoon Keitai vulnerable to authentication bypass

Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon Keitai contains an authentication bypass vulnerability. Impact When an attacker sends a specially crafted request that includes a user ID for a user that has the Keitai function enabled, authentication using Keitai may be bypasse...

5.8CVSS6.4AI score0.01986EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/20 12:0 a.m.•30 views

JVN#06377589: EC-CUBE vulnerable to cross-site scripting

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the update or the patch Apply the update or the patch according to the...

4.3CVSS6AI score0.01883EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/20 12:0 a.m.•30 views

JVN#11221613: EC-CUBE vulnerable to cross-site request forgery

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, unintended operations may be conducted. Solution Apply the update or the patch Apply the upda...

6.8CVSS6.3AI score0.01079EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/07 12:0 a.m.•30 views

JVN#12513975: TOWN (modified version) vulnerable to cross-site scripting

TOWN modified version provided by Tattyan's HP contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an update Update to the latest version according to the information provided by the developer. Products Affected TOWN...

4.3CVSS5.9AI score0.01161EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/06/27 12:0 a.m.•30 views

JVN#07192063: EC-CUBE vulnerable to cross-site scripting

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN98665228. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the update ...

4.3CVSS5.8AI score0.05932EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/06/11 12:0 a.m.•30 views

JVN#99813183: Galapagos Browser vulnerable in the WebView class

Galapagos Browser is a web browser for Android devices. Galapagos Browser contains a vulnerability in the WebView class. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. Solution Do not use Galapagos...

4.3CVSS6.2AI score0.00893EPSS
Exploits0
Total number of security vulnerabilities5000