Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/06/20 12:0 a.m.•29 views

JVN#49974594: Webmin vulnerable to cross-site scripting

Webmin is a web-based system management tool. Webmin contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser who is logged into Webmin. Solution Update the software Update to the latest version according to the information provided by th...

4.3CVSS5.8AI score0.00931EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/06/11 12:0 a.m.•29 views

JVN#50129191: JustSystems Online Update Program bundled with JustSystems products vulnerable to arbitrary code execution

"JUST Online Update" and "JUST Online Update for J-License and the management tools" that are bundled with multiple JustSystems products contain a flaw that allows the update program to be executed even if the signature of an update module is invalid. Please note that this is a flaw in the online...

7.6CVSS6.9AI score0.03592EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/22 12:0 a.m.•29 views

JVN#81637882: Information disclosure vulnerability in Sleipnir Mobile for Android

Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an issue in handling Geolocation API, which may result in the disclosure of a user's location. Impact When a website that a user is viewing requests the user's location information, Sleipnir...

4.3CVSS6.1AI score0.01066EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/20 12:0 a.m.•29 views

JVN#55630933: EC-CUBE information disclosure vulnerability

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information disclosure vulnerability due to an issue in processing front features. Impact User's information may be obtained or altered by other user who visits the shopping site. Solution...

5.5CVSS6.2AI score0.01172EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/20 12:0 a.m.•29 views

JVN#06870202: EC-CUBE information disclosure vulnerability

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information disclosure vulnerability. Impact When the server receives a specially crafted request, the absolute path of the product on the server may be obtained. Solution Apply the update or...

5CVSS6.2AI score0.01504EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/05 12:0 a.m.•29 views

JVN#81813850: Tiki Wiki CMS Groupware vulnerable to cross-site scripting

Tiki Wiki CMS Groupware Tiki is a content management system CMS. Tiki contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of an user who is logged in. Solution Apply an Update Apply the appropriate update for the version of the software bei...

4.3CVSS6AI score0.01156EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/10/30 12:0 a.m.•29 views

JVN#70739377: Multiple products that use International Components for Unicode (ICU) vulnerable to denial-of-service (DoS)

International Components for Unicode ICU is a library for handling Unicode strings. A C version, ICU4C and a Java version ICU4J are available. Multiple products that use ICU4C contain a denial-of-service vulnerability due to a race condition. ICU released ICU4C version 50.1.1 that addresses this...

6.8CVSS6.1AI score0.01339EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/08/07 12:0 a.m.•29 views

JVN#44035194: docomo overseas usage application vulnerability in the connection process

docomo overseas usage application provided by NTT DOCOMO contains a vulnerability within the process of connecting to Wi-Fi access points, which may lead to user information being sent unintentionally. Impact When connecting to a Wi-Fi access point, an attacker may obtain user information. Soluti...

3.3CVSS6.2AI score0.00732EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/06/07 12:0 a.m.•29 views

JVN#39218538: Pizza Hut Japan Official Order App for Android. contains an issue where it fails to verify SSL server certificates

Pizza Hut Japan Official Order App for Android. contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the...

5.8CVSS5.9AI score0.00582EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/05/23 12:0 a.m.•29 views

JVN#39699406: EC-CUBE vulnerable to information disclosure as a result of improper input checking

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an issue with checking input values, which may result in information disclosure. Impact A remote, unauthenticated attacker may obtain information stored in the product. Solution Apply the update...

5CVSS6.2AI score0.01369EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/05/13 12:0 a.m.•29 views

JVN#18501376: OpenPNE vulnerable to cross-site scripting

The management screen in OpenPNE contains an issue in the processing of data input into the "mobile version color scheme configuration" item, which may result in a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of a user who is logged on as an...

4.3CVSS5.9AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/04/15 12:0 a.m.•29 views

JVN#06251813: Multiple Cybozu products vulnerable to cross-site request forgery

Multiple Cybozu products contain a cross-site request forgery vulnerability. Impact If a user accesses a specially crafted URL while logged in, user passwords or administrator passwords may be altered. Solution Update the Software Update to the latest version according to the information provided...

6.8CVSS6.1AI score0.00643EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/02/26 12:0 a.m.•29 views

JVN#16817324: Multiple JustSystems products vulnerable to arbitrary code execution

Multiple products provided by JustSystems Corporation contain a vulnerability that may allow arbitrary code execution. For more information, refer to the information provided by the developer. Impact Opening a file may cause arbitrary code to be executed with the privilege of the running...

9.3CVSS7AI score0.03815EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/11/16 12:0 a.m.•29 views

JVN#56923652: Monaca Debugger for Android information management vulnerability

Monaca Debugger provided by Asial Corporation contains an issue where account information of the product or other information such as session IDs are saved in a log file. Impact Android applications with permissions to read system log files may obtain users credentials of Monaca or other...

5CVSS6.2AI score0.01354EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/08/07 12:0 a.m.•29 views

JVN#67435981: LINE for Android vulnerable in handling of implicit intents

LINE for Android provided by NHN Japan, is an application for communication with others. LINE for Android contains a vulnerability in the handling of implicit intents. Impact Information such as messages sent by LINE may be leaked to a third party through a malicious application. Solution Update...

5CVSS6.2AI score0.01354EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/07/06 12:0 a.m.•29 views

JVN#80835745: Movable Type plugin MT4i vulnerable to cross-site scripting

MT4i is a Movable Type plugin. MT4i contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN79111101. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the informati...

4.3CVSS5.7AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/04/05 12:0 a.m.•29 views

JVN#44913777: SENCHA SNS vulnerable to cross-site request forgery

SENCHA SNS is an open source SNS software. SENCHA SNS contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, arbitrary operations may be conducted on the vulnerable system. Solution Update the Software Update to the latest version provided by...

6.8CVSS6.6AI score0.00643EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/28 12:0 a.m.•29 views

JVN#62336482: FFFTP may insecurely load executable files

FFFTP loads certain executables when using certain functions. FFFTP contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privilege of the running application. Solution Update the software Update to the latest...

9.3CVSS7AI score0.02343EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/11 12:0 a.m.•29 views

JVN#36684331: WEB FORUM vulnerable to cross-site scripting

WEB FORUM provided by KENT-WEB is a bulletin board software. WEB FORUM contains a vulnerability in processing the web page to be output, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the lates...

4.3CVSS5.8AI score0.01029EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/08/16 12:0 a.m.•29 views

JVN#31506102: Aipo vulnerable to SQL injection

Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a SQL injection vulnerability. Impact Users who can login and do not have access privileges to information in Aipo may view or alter information. The developer has confirmed that a...

7.5CVSS7.1AI score0.01072EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/01/07 12:0 a.m.•29 views

JVN#09157962: SquirrelMail vulnerable to cross-site scripting

SquirrelMail from SquirrelMail Project is an open source webmail web-based email. SquirrelMail contains an issue in handling specific character encoding and processing "data:" URL, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser...

4.3CVSS5.6AI score0.0253EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/11/26 12:0 a.m.•29 views

JVN#36765384: Google Chrome information disclosure vulnerability

Google Chrome contains an information disclosure vulnerability caused by the improper handling of XML files. Impact When viewing a specially crafted web page, information may be disclosed. Solution Update the Software Update to the latest version according to the information provided by the...

6.5CVSS6.1AI score0.00761EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/10/29 12:0 a.m.•29 views

JVN#72541530: Active! mail 6 vulnerable to HTTP header injection

Active! mail 6 from TransWARE Co. is a web-based email software. Active! mail 6 contains a HTTP header injection vulnerability. Impact Falsified information may be displayed or an arbitrary script may be executed on the user's web browser. HTTP response splitting attacks are also possible. Soluti...

4.3CVSS6.7AI score0.01104EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/08/31 12:0 a.m.•29 views

JVN#75101998: moobbs2 vulnerable to cross-site scripting

moobbs2 from Moo is a threaded bulletin board software. moobbs contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer...

4.3CVSS5.9AI score0.01033EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/05/17 12:0 a.m.•29 views

JVN#82749282 CapsSuite Small Edition PatchMeister vulnerable to denial of service

CapsSuite Small Edition PatchMeister is a product that manages the application of security patches. CapsSuite Small Edition PatchMeister contains a denial of service DoS vulnerability. Impact On a server or workstation with "Client Service for PTM" installed, a remote attacker may shut down or...

7.8CVSS6.7AI score0.02816EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/10/28 12:0 a.m.•29 views

JVN#06362164 SEIL/X Series and SEIL/B1 buffer overflow vulnerability

SEIL/X Series and SEIL/B1 are routers. SEIL/X Series and SEIL/B1 contain an issue in the processing by the URL filtering function, which may lead to a buffer overflow vulnerability. Impact When processing a specially crafted URL, a remote attacker may be able to execute arbitrary code. Solution...

9.3CVSS7.6AI score0.04756EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/09/17 12:0 a.m.•29 views

JVN#00425482 XF-Section vulnerable to cross-site scripting

XF-Secion from Happy Linux is a XOOPS module that categorizes contents. XF-Section contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use XF-Section Since the product is no longer being developed, users are...

4.3CVSS6AI score0.01624EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/08/24 12:0 a.m.•29 views

JVN#31035930 SugarCRM vulnerable to SQL injection

SugarCRM is a customer relationship management CRM software. SugarCRM contains a SQL injection vulnerability. Impact As a result of SQL injection, contents within the database can be compromised. Solution Update the Software Update to the latest version according to the information provided by th...

7.5CVSS7AI score0.01359EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/06/18 12:0 a.m.•29 views

JVN#87239696 iPhone OS denial of service (DoS) vulnerability

iPhone OS from Apple contains a denial of service DoS vulnerability. Impact A remote attacker could possibly cause a denial of service DoS attack by sending a specially crafted packet. Solution Update the software Update to latest version according to the information provided by Apple. Products...

7.8CVSS6.3AI score0.02798EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/11/06 12:0 a.m.•29 views

JVN#19072922 EC-CUBE vulnerable to SQL injection

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a SQL injection vulnerability. This vulnerability is different from JVN81111541. Impact A remote attacker could obtain the website administrator's privilege which was created using EC-CUBE...

7.5CVSS7.4AI score0.01063EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/10/17 12:0 a.m.•29 views

JVN#81490697: Movable Type cross-site scripting vulnerability

Movable Type, a web log system from Six Apart KK, contains a vulnerability resulting from the improper handling of the management page that can lead to cross-site scripting. This vulnerability is different from JVN30385652. Impact An arbitrary script may be executed on the blog administrator's we...

3.5CVSS6.1AI score0.01019EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/08/29 12:0 a.m.•29 views

JVN#03859837 Blogn vulnerable to cross-site scripting

Blogn from R-ONE Computer is software for creating blogs. Blogn contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the vendor. Products Affected Blogn v1.9.7 and earl...

4.3CVSS6.1AI score0.01065EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/12/26 12:0 a.m.•29 views

JVN#33044255 GreaseKit and Creammonkey allows execution of userscript functions

GreaseKit and Creammonkey are plugins that enable user scripting to Safari and other Apple Webkit applications, and they provide APIs callable only from userscripts. GreaseKit and Creammonkey are vulnerable in allowing APIs called from a web page. Impact When a user views a specially crafted web...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/02/01 12:0 a.m.•29 views

JVN#77886599 Hatena Toolbar sends URL information unecnrypted

Impact When a user of Hatena Toolbar views a SSL secured web page, an attacker could obtain the information contained in the URL such as a session ID which needs to be protected. As a result, an attacker could possibly conduct session hijacking. Solution Products Affected Hatena Toolbar v1.5.4 an...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2005/04/19 12:0 a.m.•29 views

JVN#97757029 w3ml cross-site scripting vulnerability

Impact An arbitrary script could be executed on the user's web browser which may allow an attacker to steal cookie information. Solution Products Affected w3ml-0.4-20020625 and earlier...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/01/21 12:0 a.m.•28 views

JVN#83855727: FortiWeb vulnerable to SQL injection

FortiWeb provided by Fortinet, Inc. contains an SQL injection vulnerability CWE-89, CVE-2024-55593. Impact Information in the FortiWeb database may be obtained by a user who can log in to the product. Solution Update the software Update the software to the latest version according to the...

2.7CVSS7.8AI score0.00392EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/18 12:0 a.m.•28 views

JVN#41397971: Multiple vulnerabilities in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software

AIPHONE IX SYSTEM is an IP Network Audio-Video Intercom and IXG SYSTEM is an IP-based Residential System. IX SYSTEM, IXG SYSTEM, and System Support Software contain multiple vulnerabilities listed below. OS command injection CWE-78 CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 8.0...

8CVSS8.2AI score0.01077EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/12 12:0 a.m.•28 views

JVN#25594256: Denial-of-service (DoS) vulnerability in IPCOM WAF function

WAF function of IPCOM provided by Fsas Technologies Inc. contains a denial-of-service DoS vulnerability CWE-908. Impact If the product receives a specially crafted packet by an attacker, the system may be rebooted or suspended. Solution Update the firmware Update the firmware to the latest versio...

5.3CVSS5.1AI score0.0046EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/28 12:0 a.m.•28 views

JVN#71404925: Multiple vulnerabilities in UTAU

UTAU provided by ameya/ayame contains multiple vulnerabilities listed below. OS command injection CWE-78 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Base Score 5.3 CVE-2024-28886 Path Traversal CWE-22 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 3.3 CVE-2024-32944 Impact If a user of...

8.4CVSS8.8AI score0.00663EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/08 12:0 a.m.•28 views

JVN#87694318: WordPress Plugin "Heateor Social Login WordPress" vulnerable to cross-site scripting

WordPress Plugin "Heateor Social Login WordPress" provided by Heateor contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who accessed the website using the product. Solution Update the plugin Update the plugin to...

5.4CVSS5.6AI score0.00341EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/10 12:0 a.m.•28 views

JVN#70977403: Multiple vulnerabilities in a-blog cms

a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in Entry editing pages CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4 CVE-2024-30419 Server-side request forgery CWE-918...

6.6CVSS6.3AI score0.00739EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/15 12:0 a.m.•28 views

JVN#48966481: a-blog cms vulnerable to URL spoofing

a-blog cms provided by appleple Inc. is a content management system CMS. a-blog cms contains an URL spoofing vulnerability CWE-451. Impact If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the...

4.7CVSS6.2AI score0.00448EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/15 12:0 a.m.•28 views

JVN#96240417: Thermal camera TMC series vulnerable to insufficient technical documentation

Thermal camera TMC series provided by THREE R SOLUTION CORP. JAPAN are vulnerable to insufficient technical documentation CWE-1059. The related documentation does not describe the existence of the network interface, nor the internal storage for pictures and measurement data. Impact The user of th...

4.6CVSS4.6AI score0.00238EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/25 12:0 a.m.•28 views

JVN#39139884: Movable Type vulnerable to cross-site scripting

Movable Type provided by Six Apart Ltd. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged-in user's web browser. Solution Update the Software Apply the appropriate update according to the information provided by the developer. The develop...

5.4CVSS5.4AI score0.00354EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/06 12:0 a.m.•28 views

JVN#42691027: "direct" Desktop App for macOS fails to restrict access permissions

"direct" Desktop App for macOS provided by L is B Corp. fails to restrict access permissions CWE-284. The access control mechanism provided by macOS "TCC Transparency Consent and Control" may be bypassed. Impact Camrea, microphone, etc. of the device where the product is installed may be used...

5.5CVSS5.2AI score0.00163EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/30 12:0 a.m.•28 views

JVN#95981715: Starlette vulnerable to directory traversal

Starlette provided by Encode contains a directory traversal vulnerability CWE-22. Impact Under certain conditions, a remote attacker may view files in a web service which was built using the product. Solution Update the software Update the software according to the information provided by the...

7.5CVSS7.4AI score0.02032EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/04 12:0 a.m.•28 views

JVN#75742861: Improper restriction of XML external entity references (XXE) in National land numerical information data conversion tool

National land numerical information data conversion tool provided by MLIT improperly restricts XML external entity references XXE CWE-611. Impact By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker. Solution Stop using the product The developer...

5.5CVSS5.4AI score0.00226EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/02/28 12:0 a.m.•28 views

JVN#78253670: web2py development tool vulnerable to open redirect

The admin development tool included in the web2py source code contains an open redirect vulnerability CWE-601. According to the developer, they do not recommend using the tool in operational environment or disclosing it on the Internet. Impact When using the tool, a web2py user may be redirected ...

6.1CVSS6.2AI score0.02382EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/10/07 12:0 a.m.•28 views

JVN#00845253: Growi vulnerable to improper access control

GROWI provided by WESEEK, Inc. contains an improper access control vulnerability CWE-284. Impact A user who can login to the affected product may download the markdown data from the pages set to private by the other users. Solution Update the software Update the software to the following versions...

6.5CVSS6.3AI score0.00782EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/05/24 12:0 a.m.•28 views

JVN#15241647: WordPress plugin "WP Statistics" vulnerable to cross-site scripting

WordPress plugin "WP Statistics" provided by VeronaLabs contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is logging in to the web site using the product. Solution Update the plugin Update the plugin according to th...

6.1CVSS6AI score0.00969EPSS
Exploits0
Total number of security vulnerabilities5000