Lucene search
K
JvnMost viewed

5627 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/07/11 12:0 a.m.28 views

JVN#68773685: AQUOS PhotoPlayer HN-PP150 vulnerable to denial-of-service (DoS)

AQUOS PhotoPlayer HN-PP150 contains an issue in the processing of packets, which may lead to a denial-of-service DoS. Impact Network functions may be disabled by a remote attacker. Solution Update the Firmware Update to the latest version of firmware according to the information provided by the...

5CVSS6.4AI score0.01904EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/05/08 12:0 a.m.28 views

JVN#61972596: Online Service Gate vulnerable in Office 365 password management

Online Service Gate provided by SoftBank Technology is a solution to manage the use of Office 365 which allows a system administrator to manage Office 365 users' passwords. Office 365 users' passwords are intended to be managed by a system administrator and cannot be obtained by users. OWA Helper...

4CVSS6.4AI score0.01174EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/04/26 12:0 a.m.28 views

JVN#01313594: jigbrowser+ for Android vulnerable to address bar spoofing

jigbrowser+ for Android contains an issue when opening a new window, which may result in the address bar being spoofed. Impact This vulnerability could be leveraged to forge the contents of the address bar for conducting phishing attacks. Solution Update the software Update to the latest version...

5.8CVSS6.1AI score0.00946EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/04/11 12:0 a.m.28 views

JVN#65034198: Sleipnir for Windows vulnerable to address bar spoofing

Sleipnir for Windows contains an issue in displaying colors and the padlock icon on the address bar, which may result in the address bar being spoofed. Impact A user may misinterpret that the website is using the SSL for communications even when the site is not using SSL. Solution Update the...

5CVSS6.2AI score0.01034EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/03/29 12:0 a.m.28 views

JVN#01167429: OpenWnn for Android vulnerable to information disclosure

OpenWnn provided by OMRON SOFTWARE Co., Ltd. is a Japanese Input Method Editor IME. OpenWnn for Android contains an issue in the access permissions for certain files. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may...

4.3CVSS6.2AI score0.01031EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/01/31 12:0 a.m.28 views

JVN#86040029: Weathernews Touch for Android stores location information in the system log file

Weathernews Touch provided by Weathernews Inc. is a weather forecast application. Weathernews Touch for Android contains a vulnerability that stores location information in the system log file. Impact Android applications with permissions to read system log files may obtain location information...

4.3CVSS6AI score0.00893EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/12/14 3:52 a.m.28 views

Welcart vulnerable to cross-site request forgery

Overview Welcart contains a cross-site request forgery vulnerability. Welcart provided by Collne Inc. is a WordPress plugin for creating shopping websites. Welcart contains a cross-site request forgery vulnerability. Yoshinori Matsumoto of Kobe Digital Lab., Inc. reported this vulnerability to IP...

6.8CVSS6.5AI score0.0107EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/11/02 12:0 a.m.28 views

JVN#55398821: Pebble vulnerable to open redirect

Pebble is an open source weblog system. Pebble contains an open redirect vulnerability. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the software Update to the...

5.8CVSS6.3AI score0.01305EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/11/01 12:0 a.m.28 views

JVN#98649286: CSWorks LiveData Service vulnerable to denial-of-service (DoS)

LiveData Service, a server component of CSWorks, contains an issue when processing TCP packets, which may lead to a denial-of-service DoS. Impact A remote attacker may be able to cause a denial-of-service DoS. Solution Update the software Update to the latest version according to the information...

5CVSS6.3AI score0.02351EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/10/13 12:0 a.m.28 views

JVN#08307791: Plume vulnerable to cross-site scripting

Plume is a Content Management System CMS. Plume contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of a user that is logged in as administrator. Solution Update the Software Update to the latest version according to the information provide...

2.6CVSS5.8AI score0.00936EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/06/16 12:0 a.m.28 views

JVN#87239473: Ichitaro series vulnerable to arbitrary code execution

The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. Impact When opening a specially crafted file locally or through a website, an attacker may be able to execute arbitrary code. Solution Update the Software...

9.3CVSS7AI score0.05564EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/10/22 12:0 a.m.28 views

JVN#07497935: Multiple Yokka provided products may insecurely load executable files

Multiple products provided by Yokka such as text editors, contain an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privilege of running the application. Solution Update the Software Update to the latest version...

6.9CVSS7.3AI score0.00279EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/08/31 12:0 a.m.28 views

JVN#24423311: moobbs vulnerable to cross-site scripting

moobbs from Moo is a bulletin board software. moobbs contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products...

4.3CVSS5.9AI score0.01033EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/08/25 12:0 a.m.28 views

JVN#12683004: SEIL/X Series and SEIL/B1 IPv6 Unicast RPF vulnerability

SEIL/X Series and SEIL/B1 are routers. SEIL/X Series and SEIL/B1 contains a vulnerability in which IPv6 Unicast Reverse Path Forwarding RPF does not properly function in strict mode. Impact Packets that should be discarded, such as when an IP address is spoofed, may be transferred without being...

5.8CVSS6.4AI score0.01864EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/08/20 12:0 a.m.28 views

JVN#54336184: Winny BBS information processing vulnerability

Winny is a P2P file sharing software. Winny contains a vulnerability in the processing of BBS information, which can be used to launch Distributed Denial of Service DDoS attacks. Impact A user may take part in a DDoS attack by a remote attacker. Solution Do not use Winny Please discontinue use of...

10CVSS6.5AI score0.01446EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/04/01 12:0 a.m.28 views

JVN#57963254 Compiere vulnerable to cross-site scripting

Compiere provided by Almas Inc. is an Enterprise Resource Planning ERP and Customer Relationship Management CRM software. Compiere contains a cross-site scripting vulnerability. This vulnerability is different from JVN38687002. Impact When a user is logged into Compiere, an arbitrary script may b...

4.3CVSS5.8AI score0.01528EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/07/14 12:0 a.m.28 views

JVN#31110006 shiromuku(fs6)DIARY cross-site scripting vulnerability

shiromukufs6DIARY from Perl CGI's By Mrs. Shiromuku is a web log software. shiromukufs6DIARY contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information...

4.3CVSS5.9AI score0.01065EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/05/29 12:0 a.m.28 views

JVN#01115659 REP-BBS from MT312 vulnerable to cross-site scripting

REP-BBS from MT312, is a web log system that supports posting and viewing web logs from a mobile phone. REP-BBS contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update the software to the latest versi...

4.3CVSS6AI score0.01022EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/05/21 12:0 a.m.28 views

JVN#42927215 a-News from Appleple vulnerable to cross-site scripting

a-News, a web log system from Appleple, contains a cross-site scripting vulnerability. Note that future releases and maintenance of a-News ended on May 14, 2009. The developer recommends users who wish to continue using a web log system to use a-blog. Impact An arbitrary script may be executed on...

4.3CVSS6AI score0.01263EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/01/23 12:0 a.m.28 views

JVN#80771386 Fulltext search CGI vulnerability allows third party to gain administrative privileges

Fulltext search CGI is a website search software from futomi's CGI Cafe. Fulltext search CGI contains a vulnerability that allows an attacker to gain administrative privileges. Impact A remote attacker could impersonate an administrator of fulltext search CGI. Solution Update the Software Update ...

7.5CVSS6.5AI score0.01359EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/12/25 12:0 a.m.28 views

JVN#17298485 Mayaa cross-site scripting vulnerability

Mayaa from Seasar Project is an open source Java template engine. The default error page that Mayaa displays contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Apply the latest update provided by the...

4.3CVSS6AI score0.01263EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/09/17 12:0 a.m.28 views

JVN#94163107 Kantan WEB Server cross-site scripting vulnerability

Kantan WEB Server is a web server for Windows provided by Arihiro Kurata. Kantan WEB Server contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the developer. Products...

4.3CVSS6.1AI score0.01223EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/08/21 12:0 a.m.28 views

JVN#52557009 La!cooda WIZ and LacoodaST vulnerable to cross-site scripting

La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ and LacoodaST contain a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the web browser of the user who...

4.3CVSS6AI score0.01528EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/06/04 12:0 a.m.28 views

JVN#25448394 Sleipnir and Grani vulnerable to arbitrary script execution when Bookmark search results are restored from history

Sleipnir and Grani, web browsers from Fenrir & Co., have a bookmark search function. When a user runs the search function, the search result is displayed in the web browser. If a specially crafted string is used in a search, an arbitrary script may be executed on the user's web browser when the...

4.3CVSS6.5AI score0.01065EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/03/21 12:0 a.m.28 views

JVN#00892830 Namazu cross-site scripting vulnerability

Namazu, Japanese full-text search engine does not specify charset in the ContentType header that could allow a remote attacker to execute an arbitrary script on the user's web browser. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Update to t...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/03/05 12:0 a.m.28 views

JVN#10056705 FTP bounce vulnerability in multiple Canon digital multifunction copiers and laser beam printers

The Canon Color imageRUNNER Series, imageRUNNER Series, imagePRESS Series, and laser beam printer series are digital multifunction copiers and printers. Some of these products contain a vulnerability that could allow a remote attacker to access other network devices via a built-in FTP server...

6.4CVSS6.3AI score0.02051EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/06/07 12:0 a.m.28 views

JVN#23891849 ADPLAN cross-site scripting vulnerability

ADPLAN Version 3, web access measurement software provided by Opt, Inc., contains a cross-site scripting vulnerability in the SEO search engine optimization module. A website that employs ADPLAN Version 3 service generates a web page using the HTTP header information sent from a client web browse...

6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/02/10 12:0 a.m.28 views

JVN#77366274 CCC Cleaner buffer overflow vulnerability

Impact Arbitrary code could be executed when CCC Cleaner scans UPX-packed files. Solution Products Affected CCC Cleaner CCC pattern Ver:185 CCC Cleaner is affected by this vulnerability only when the following file is contained in the "CCC Cleaner" folder. Filenames: lpt$vpn.185 As of February 13...

9.3CVSS6.4AI score0.083EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2005/10/21 12:0 a.m.28 views

JVN#59130192 eBASEweb SQL injection vulnerability

Impact A remote attacker could alter database content or steal data. Solution Update the Software Apply the latest updates provided by the vendor. Products Affected eBASEweb version 3.0...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/08/05 12:0 a.m.27 views

JVN#50850706: Pimax Play and PiTool accept WebSocket connections from unintended endpoints

Pimax Play and PiTool provided by Pimax accept WebSocket connections from unintended endpointsCWE-923. Impact Arbitrary code may be executed by a remote unauthenticated attacker. Solution Update the Software For Pimax Play, update the software to the latest version according to the information...

9.8CVSS9.5AI score0.0064EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/05/10 12:0 a.m.27 views

JVN#83405304: "OfferBox" App uses a hard-coded secret key

"OfferBox" App provided by i-plug inc. uses a hard-coded secret key for JWT CWE-321. Impact The hard-coded secret key for JWT may be retrieved if the application binary is reverse-engineered. Solution The hard-coded secret key has been revoked by the developer on May 8, 2024 therefore this...

7.5CVSS7.2AI score0.00365EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/03/07 12:0 a.m.27 views

JVN#54451757: Multiple vulnerabilities in SKYSEA Client View

SKYSEA Client View provided by Sky Co.,LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View contains multiple vulnerabilities listed below. Improper access control in the specific folder CWE-276 - CVE-2024-21805 Version| Vector| Score ---|---|--- CVSS v3|...

7.8CVSS8.1AI score0.00408EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/23 12:0 a.m.27 views

JVN#55217369: Rakuten WiFi Pocket vulnerable to improper authentication

Rakuten WiFi Pocket provided by Rakuten Mobile, Inc. is a mobile router. Management Screen of Rakuten WiFi Pocket contains an improper authentication vulnerability CWE-287. Impact An attacker who can access the product may log in to the product's Management Screen. As a result, sensitive...

5.4CVSS5.5AI score0.00276EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/06/22 12:0 a.m.27 views

JVN#97818024: Multiple vulnerabilities in Pleasanter

Pleasanter provided by Implem Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2023-32607 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2| AV:N/AC:M/Au:S/C:N/I:P/A:N| Base...

6.5CVSS6.5AI score0.01158EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/05/22 12:0 a.m.27 views

JVN#45127776: Tornado vulnerable to open redirect

Tornado provided by tornadoweb contains a vulnerability that triggers open redirect CWE-601 under certain non-default configurations. Impact When accessing a specially crafted URL, the user of the website using the affected product may be redirected to an arbitrary website. As a result, the user...

6.1CVSS6.3AI score0.01132EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/05/09 12:0 a.m.27 views

JVN#80476232: SR-7100VN vulnerable to privilege escalation

SR-7100VN provided by ICOM INCORPORATED contains a privilege escalation vulnerability CWE-268. Impact A user with an administrator privilege of the product may obtain administrative privileges of the OS Operating System. As a result, an arbitrary OS command may be executed by the user. Solution...

6.8CVSS6.9AI score0.00338EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/02/14 12:0 a.m.27 views

JVN#60263237: The installers of ELECOM Camera Assistant and QuickFileDealer may insecurely load Dynamic Link Libraries

The installers of ELECOM Camera Assistant and QuickFileDealer provided by ELECOM CO.,LTD. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privileges of the running application. Solution...

7.8CVSS7.7AI score0.00204EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/10 12:0 a.m.27 views

JVN#75437943: Aiphone Video Multi-Tenant System Entrance Stations vulnerable to information disclosure

Video Multi-Tenant System Entrance Stations provided by AIPHONE CO., LTD. contain an information disclosure vulnerability CWE-200. Impact An attacker who can obtain specific information of the product and access the product may obtain sensitive information stored in the device. Solution Use the...

6.5CVSS6.2AI score0.00295EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/02/25 5:2 a.m.27 views

Information Disclosure Vulnerability in RICOH printers

Overview Multiple RICOH printers contain Information Disclosure CWE-200. RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership. Impact A user who ca...

7.5CVSS6.2AI score0.01409EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/02/09 12:0 a.m.27 views

JVN#88176589: Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to authentication bypass

AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains an authentication bypass vulnerability. Impact A remote unauthenticated attacker may perform an arbitrary...

7.5CVSS7.4AI score0.01488EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/01/16 12:0 a.m.27 views

JVN#28331227: MaruUo Factory's multiple AttacheCase products vulnerable to directory traversal

Multiple AttacheCase products provided by MaruUo Factory contain a directory traversal vulnerability CWE-22 due to a flaw in processing filenames in ATC files. Impact Decrypting a crafted ATC file may result in creation of an arbitrary file or overwriting of an existing file. Solution Update the...

5.5CVSS5.5AI score0.03417EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/01/06 12:0 a.m.27 views

JVN#60879379: Olive Blog vulnerable to cross-site scripting

Olive Blog provided by Olive Design contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing the search parameter. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Olive Blog Olive Blog is no longer being developed or maintained. It...

6.1CVSS6AI score0.00886EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/09/29 12:0 a.m.27 views

JVN#89726415: ManageEngine ServiceDesk Plus fails to restrict access permissions

ManageEngine ServiceDesk Plus provided by Zoho Corporation is a help desk software. ManageEngine ServiceDesk Plus fails to restrict access permissions. Impact A user logged in with guest privileges may access functions for which permissions are not granted. Solution Update the software Update to...

8.8CVSS8.6AI score0.02683EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/09/15 12:0 a.m.27 views

JVN#18926672: Zend Framework vulnerable to SQL injection

Zend Framework is an open source web application framework. Zend Framework 1 contains an SQL injection vulnerability CWE-89 due to a flaw in processing parameters in the ORDER BY and GROUP BY clauses. Impact Information stored in the database may be obtained or altered by a remote attacker...

9.8CVSS9.6AI score0.04124EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/08/31 12:0 a.m.27 views

JVN#85213412: Multiple AKABEi SOFT2 LTD. games vulnerable to OS command injection

Multiple games provided by AKABEi SOFT2 LTD. contain an OS command injection vulnerability CWE-78 due to an issue in loading saved data. Impact When specially crafted saved data is loaded, an arbitrary OS command may be executed. Solution Apply a Workaround The following workaround can mitigate t...

7.8CVSS7.7AI score0.01534EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/06/22 12:0 a.m.27 views

JVN#76653039: CG-WLBARGL vulnerable to command injection

CG-WLBARGL provided by Corega Inc is a wireless LAN router. CG-WLBARGL contains a command injection vulnerability. Impact An arbitrary command may be executed by an authenticated attacker. Solution Do not use CG-WLBARGL As of Jun 22nd, 2016, there are no practical solutions to this issue. It is...

8CVSS8AI score0.01067EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/06/16 5:3 a.m.27 views

Deep Discovery Inspector vulnerable to remote code execution

Overview Deep Discovery Inspector provided by Trend Micro Incorporated contains a remote code execution vulnerability. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Trend Micro Incorporated coordinated under the...

9CVSS8.3AI score0.07768EPSS
Exploits2References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/03/30 12:0 a.m.27 views

JVN#82020528: Aterm WG300HP vulnerable to cross-site request forgery

Aterm WG300HP provided by NEC Corporation contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Apply a Workaround The following workaround may mitigate the affects of this...

8.8CVSS8.6AI score0.00629EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/02/15 12:0 a.m.27 views

JVN#69278491: Cybozu Office vulnerable to cross-site scripting

Cybozu Office contains a cross-site scripting vulnerability CWE-79 in multiple functions. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affected Cyboz...

6.1CVSS5.9AI score0.01069EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/10/15 12:0 a.m.27 views

JVN#92520335: eXtplorer vulnerable to cross-site request forgery

eXtplorer is a web-based file manager. index.php of eXtplorer contains a cross-site request forgery CWE-352 vulnerability. Impact If a user views a malicious page while logged in, the user may be forced to implicitly perform unintended operations such as the execution of arbitrary PHP code...

6.8CVSS6.3AI score0.01014EPSS
Exploits0
Total number of security vulnerabilities5000