Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/05/31 12:0 a.m.23 views

JVN#62111727: Pleasanter vulnerable to cross-site scripting

Pleasanter provided by Implem Inc. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged-in user's web browser. Solution Update the software or apply the patch Update the software to the latest version according to the information provided by...

5.4CVSS5.5AI score0.00671EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/05/08 12:0 a.m.23 views

JVN#01937209: LINE WORKS Drive Explorer vulnerable to code injection

LINE WORKS Drive Explorer provided by WORKS MOBILE Japan Corp. contains a code injection vulnerability CWE-94. Impact An attacker who can login to the client where the affected product is installed may inject arbitrary code while processing the product execution. Since a full disk access privileg...

9.8CVSS9.5AI score0.00576EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/04/19 12:0 a.m.23 views

JVN#99657911: WordPress plugin "LIQUID SPEECH BALLOON” vulnerable to cross-site request forgery

WordPress plugin "LIQUID SPEECH BALLOON” provided by LIQUID DESIGN Ltd. contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the Software Update the Software to the latest...

8.8CVSS8.6AI score0.00457EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/12/26 12:0 a.m.23 views

JVN#90813656: Wireshark for Windows issue where an arbitrary file may be deleted

Wireshark for Windows uses a software updating library called WinSparkle. Wireshark for Windows contains an issue where an arbitrary directory of file may be deleted due to an issue contained in WinSparkle JVN96681653. Impact An arbitrary directory or file may be deleted with the privileges of th...

7.8CVSS7.6AI score0.02594EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/01/29 12:0 a.m.23 views

JVN#03050861: EXPRESSCLUSTER X vulnerable to directory traversal

EXPRESSCLUSTER X from NEC Corporation is software to provide high availability HA clustering. EXPRESSCLUSTER X contains an issue in WebManager, which may lead to directory traversal. Impact Arbitrary files on the server may be viewed by an attacker who can access to the WebManager. Solution Updat...

7.8CVSS7.4AI score0.03821EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/04/09 12:0 a.m.23 views

JVN#02527990: Lhaplus vulnerable to directory traversal

Lhaplus is a file compression/decompression software. Lhaplus contains an issue in processing file names, which may result in a directory traversal vulnerability. Impact Decompressing a file with a specially crafted file name may result in a creation of an arbitrary file or an overwrite of an...

5.8CVSS6.4AI score0.0156EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/12/04 12:0 a.m.23 views

JVN#12798709: KENT-WEB Clip Board vulnerable to cross-site scripting

KENT-WEB Clip Board is a bulletin board software that a user can upload binary files such as image files. Clip Board contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version...

4.3CVSS5.8AI score0.01193EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/09/09 12:0 a.m.23 views

JVN#73357573: Movable Type vulnerable to cross-site scripting

Movable Type contains an issue in processing the management page, which may result in a cross-site scripting vulnerability. Impact An arbitrary script may be executed or a false form may be displayed on the administrator's web browser. Solution Update the software Update to the latest version...

3.5CVSS5.7AI score0.00967EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/08/12 12:0 a.m.23 views

JVN#07957080: Dominion KX2-101 vulnerable to denial-of-service (DoS)

Dominion KX2-101 provided by Raritan Japan, Inc. is a KVM-over-IP switch. Dominion KX2-101 contains a denial-of-service DoS vulnerability. Impact By receiving a specially crafted packet, the product may be forced to stop responding. Solution Upgrade to Dominion KX2-101 V2 The vulnerability has be...

7.8CVSS6.4AI score0.02271EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/08/08 12:0 a.m.23 views

JVN#87962145: Piwigo vulnerable to SQL injection

Piwigo is a software to manage and host image files on the web. Piwigo contains a SQL injection vulnerability. Impact An authenticated attacker may obtain information stored in the database. Solution Apply a patch Apply the patch according to the information provided by the developer. According t...

6.5CVSS6.4AI score0.01007EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/07/25 12:0 a.m.23 views

JVN#30281958: Arbitrary program execution vulnerability in TrendLink ActiveX control

TrendLink provided by Canary Labs is a tool to help visualize data for analysis. The SaveToFile method provided in the ActiveX control in TrendLink contains a vulnerability where file creation is not properly restricted. Impact A remote attacker may create an arbitrary file on the system and as a...

8.5CVSS6.8AI score0.0129EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/02/06 12:0 a.m.23 views

JVN#23256725: Opera browser for Android issue in handling intent scheme URL's

Opera browser for Android contains an issue in the handling of intent scheme URL's. Impact When a user views a specially crafted page, the Opera browser for Android cookie file may be disclosed. Solution Apply an Update Apply the appropriate update for the version of the software being used...

4.3CVSS6.2AI score0.01031EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/11/22 12:0 a.m.23 views

JVN#65312543: D-Link DES-3800 Series vulnerable to denial-of-service (DoS)

DES-3800 Series provided by D-Link Japan contains a denial-of-service DoS vulnerability due to an issue in the implementation of SSH. Impact A user who can login using SSH may cause the product to stop responding. Solution Update the Firmware Update to the latest version of firmware according to...

6.8CVSS6AI score0.01198EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/08/30 12:0 a.m.23 views

JVN#15973066: EC-CUBE vulnerable to directory traversal when used in Windows

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a directory traversal vulnerability when used in Windows. Impact A remote attacker may obtain arbitrary files on the server. Solution Apply the update or patch Apply the update or patch accordin...

5CVSS6.6AI score0.02098EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/06/18 12:0 a.m.23 views

JVN#98712361: Ichitaro series vulnerable to arbitrary code execution

The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. Impact When a user opens a specially crafted file, an arbitrary code may be executed. Solution Update the software Apply the appropriate update module...

10CVSS6.7AI score0.04174EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/05/23 12:0 a.m.23 views

JVN#45306814: EC-CUBE fails to restrict access permissions

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a URL handling issue in certain environments and as a result, access permissions are not restricted. Impact A remote, unauthenticated attacker may access the management screen. Solution Apply th...

4.3CVSS6.4AI score0.01792EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/07/03 12:0 a.m.23 views

JVN#05102851: Yome Collection for Android issue in management of IMEI

Yome Collection for Android contains an issue which stores the International Mobile Equipment Identity IMEI on a SD card. Applications without the READPHONESTATE permission may obtain the IMEI from the SD card. Impact If a user of the affected product uses a malicious Android application, the IME...

5CVSS6.4AI score0.01369EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/02/13 12:0 a.m.23 views

JVN#85695061: ALFTP may insecurely load executable files

ALFTP provided by ESTsoft Corp. is a FTP client software with the built in FTP server. ALFTP contains an issue when loading files. For example, if an user tries to open README a file without extention which exists in the same directory where README.exe a file with .exe extention exists, README.ex...

9.3CVSS7AI score0.02207EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/12/02 12:0 a.m.23 views

JVN#61695284: PowerChute Business Edition vulnerable to cross-site scripting

PowerChute Business Edition from Schneider Electric is a power management software. PowerChute Business Edition contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Upgrade the software Upgrade to the latest version accordin...

4.3CVSS5.7AI score0.00921EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/04/12 12:0 a.m.23 views

JVN#98467259 Ichitaro series vulnerable to arbitrary code execution

The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. Impact When opening a specially crafted file locally or through a website, an attacker may be able to execute arbitrary code. Solution Update the software...

9.3CVSS7.2AI score0.04036EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/12/09 12:0 a.m.23 views

JVN#49602378 SEIL/B1 authentication issue

The PPP Access Concentrator PPPAC function within SEIL/B1 contains an issue in the CHAP and MS-CHAP-V2 authentication processes, the same challenge value is repeatedly used for each authentication attempt. Impact A third party may be able to perform replay attacks. As a result, the third party ma...

2.6CVSS6.6AI score0.01356EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/12/07 12:0 a.m.23 views

JVN#79762947 EC-CUBE information disclosure vulnerability

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information disclosure vulnerability. Impact A remote attacker may be able to obtain customer data that is saved by EC-CUBE. Solution Update the Software Apply the latest updates provided by...

5CVSS6.1AI score0.01524EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/01/09 12:0 a.m.23 views

JVN#10170564 MODx cross-site scripting vulnerability

MODx, an open source contents management system, contains multiple cross-site scripting vulnerabilities. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the developer. Products Affected MODx 0.9.6.2 and earlier...

4.3CVSS6.2AI score0.01065EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/12/03 12:0 a.m.23 views

JVN#02216739 Movable Type Enterprise cross-site scripting vulnerability

Movable Type Enterprise, a web log system from Six Apart KK for business users, contains a cross-site scripting vulnerability. This vulnerability is different from JVN30385652 and JVN81490697. Impact An arbitrary script may be executed on an user's web browser. Solution Update the Software Update...

4.3CVSS6AI score0.01223EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/06/25 12:0 a.m.23 views

JVN#36635562 nProtect : Netizen denial of service (DoS) vulnerability

nProtect : Netizen from NetMove Corporation is security software that works only while communicating with specific web pages. nProtect : Netizen contains a denial of service DoS vulnerability. Impact An remote attacker could disable nProtect : Netizen by convincing a user to open a specially...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/06/27 12:0 a.m.23 views

JVN#44532794 rktSNS cross-site scripting vulnerability

rktSNS, provided by rakuto.net, is open source software for community site construction. rktSNS contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the update provided by the developer. For more...

6.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/07/29 12:0 a.m.22 views

JVN#84326763: Multiple vulnerabilities in SKYSEA Client View

SKYSEA Client View provided by Sky Co.,LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View contains multiple vulnerabilities listed below. Improper access control in the specific process CWE-266 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 7.8 CVE-2024-41139 Origin...

7.8CVSS8.1AI score0.00501EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/06/07 12:0 a.m.22 views

JVN#79213252: WordPress Plugin "Music Store - WordPress eCommerce" vulnerable to SQL injection

WordPress Plugin "Music Store - WordPress eCommerce" provided by CodePeople contains an SQL injection vulnerability CWE-89. Impact A user of the product with the administrator privilege may execute an arbitrary SQL command. Information stored in the database may be obtained or altered by the user...

6.5CVSS7.1AI score0.00519EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/05/24 12:0 a.m.22 views

JVN#35838128: WordPress Plugin "WP Booking" vulnerable to cross-site scripting

WordPress Plugin "WP Booking" provided by aviplugins.com contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing the web site using the product. Solution Update the plugin Update the plugin to the late...

4.7CVSS8.7AI score0.0037EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/03/25 12:0 a.m.22 views

JVN#17176449: ffBull vulnerable to OS command injection

ffBull according to the original report submitted by the reporter provided by Fortunefield is a bulletin board system BBS. ffBull contains an OS command injection vulnerability CWE-78. Impact A remote unauthenticated attacker may execute an arbitrary OS command with the privilege of the running w...

9.8CVSS9.9AI score0.01284EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/02/29 12:0 a.m.22 views

JVN#78084105: OpenPNE plugin "opTimelinePlugin" vulnerable to cross-site scripting

OpenPNE plugin "opTimelinePlugin" provided by OpenPNE Project contains a stored cross-site scripting vulnerability CWE-79 in Edit Profile page. Impact On the site which uses the affected product, when a user configures the profile with some malicious contents, an arbitrary script may be executed ...

5.4CVSS5.6AI score0.0034EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/01/23 12:0 a.m.22 views

JVN#40049211: Improper restriction of XML external entity references (XXE) in Electronic Deliverables Creation Support Tool provided by Ministry of Defense

Electronic Deliverables Creation Support Tool provided by Ministry of Defense improperly restricts XML external entity references XXE CWE-611. Impact Processing a specially crafted XML file may lead to exposure of internal files on the system. Solution Update the Software Update the software to t...

5.5CVSS5.3AI score0.00195EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/09 12:0 a.m.22 views

JVN#84820712: "Rikunabi NEXT" App for Android fails to restrict custom URL schemes properly

"Rikunabi NEXT" App for Android provided by Recruit Co., Ltd. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead ...

6.1CVSS6.2AI score0.00323EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/09/15 12:0 a.m.22 views

JVN#30900552: EC-CUBE plugin "Product Image Bulk Upload Plugin" vulnerable to insufficient verification in uploading files

EC-CUBE plugin "Product Image Bulk Upload Plugin", a plugin that enables to upload image files, provided by EC-CUBE CO.,LTD. contains an insufficient verification vulnerability when uploading files CWE-20. Exploiting this vulnerability allows a remote unauthenticated attacker to upload arbitrary...

9.8CVSS9.5AI score0.00982EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/03/03 12:0 a.m.22 views

JVN#87683137: Norton Security for Mac improperly processes ICMP packets

Norton Security for Mac provided by NortonLifeLock Inc. is antivirus software. Norton Security for Mac improperly processes ICMP packets, which may result in OS to crash CWE-20. Impact An unprivileged user may cause a denial-of-service DoS condition on the OS. Solution Update the Software Update...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/03/07 12:0 a.m.22 views

JVN#49408248: OneThird CMS vulnerable to cross-site scripting

OneThird CMS provided by SpiQe Software contains a cross-site scripting vulnerability CWE-79 due to an issue in processing the language selection screen. Impact An arbitrary script may be executed on the user's web browser. Solution For the users who have installed OneThird CMS already: Update th...

6.1CVSS6.2AI score0.01195EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/02/19 12:0 a.m.22 views

JVN#69854312: baserCMS vulnerable to OS command injection

baserCMS is an open-source Contents Management System CMS. baserCMS contains an OS command injection vulnerability CWE-78. Impact An arbitrary OS command may be executed on the server by a logged in attacker. Solution Update the Software Update to the latest version according to the information...

6.5CVSS6.6AI score0.01056EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/01/19 12:0 a.m.22 views

JVN#88559134: SYNCK GRAPHICA Download Log CGI vulnerable to directory traversal

Download Log CGI provided by SYNCK GRAPHICA contains an issue in processing file names, which may result in a directory traversal vulnerability. Impact A remote attacker may obtain arbitrary files on the server. Solution Update the Software Update to the latest version according to the informatio...

5CVSS6.4AI score0.01911EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/08/18 12:0 a.m.23 views

JVN#27531188: Cakifo vulnerable to cross-site scripting

Cakifo is a theme for WordPress. Cakifo contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the theme Update to the latest version according to the information provided by the developer. Products Affected Cakifo 1.0 ...

3.5CVSS5.8AI score0.01489EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/04/18 12:0 a.m.22 views

JVN#22670349: AndExplorer vulnerable to directory traversal

AndExplorer provided by LYSESOFT contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has privileges to...

6.4CVSS6.7AI score0.01521EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/01/10 12:0 a.m.22 views

JVN#88313872: ZIP with Pass vulnerable to directory traversal

ZIP with Pass provided by aokitaka contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has privileges to...

5.8CVSS6.6AI score0.01142EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/05/29 12:0 a.m.22 views

JVN#22756333: Sleipnir Mobile for Android vulnerable to address bar spoofing

Sleipnir Mobile for Android contains an issue when opening a new window, which may result in the address bar being spoofed. Impact This vulnerability could be leveraged to forge the contents of the address bar for conducting phishing attacks. Solution Update the software Update to the latest...

5.8CVSS6.1AI score0.01528EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/11/02 12:0 a.m.22 views

JVN#52264310: MosP kintai kanri vulnerable to authentication bypass

MosP kintai kanri is an open source attendance management software. MosP kintai kanri contains an authentication bypass vulnerability. Impact An attacker with a MosP kintai kanri account may impersonate another user. As a result, information may be obtained and settings may be altered with the...

5.5CVSS6.5AI score0.01139EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/06/07 12:0 a.m.22 views

JVN#18397171: FeedDemon vulnerable to arbitrary script execution

FeedDemon is an RSS/Atom feed reader. FeedDemon is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information when using the "feed preview" option. Impact An arbitrary script embedded in an RSS/Atom feed may be executed on the user's...

2.6CVSS6.3AI score0.01803EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/01/20 12:0 a.m.22 views

JVN#38216398: osCommerce vulnerable to directory traversal

osCommerce is an open source system for creating shopping websites. osCommerce contains a directory traversal vulnerability. Impact A remote attacker may access arbitrary files on the server. Solution Update the software Update to the latest version according to the information provided by the...

5CVSS6.5AI score0.096EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/06/20 12:0 a.m.22 views

JVN#43386477: WeblyGo vulnerable to cross-site scripting

WeblyGo is a groupware provided by KAWAI BUSINESS SOFTWARE CO., LTD. KBS. WeblyGo contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by...

4.3CVSS5.9AI score0.01086EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/08/20 12:0 a.m.22 views

JVN#21471805: Winny vulnerable to buffer overflow

Winny is a P2P file sharing software. Winny contains a buffer overflow vulnerability. This vulnerability is different from JVN91740962 and JVN74294680. Impact A remote attacker may be able to execute arbitary code. Solution Do not use Winny Please discontinue use of Winny. Products Affected Winny...

7.5CVSS7.2AI score0.03372EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/04/01 12:0 a.m.22 views

JVN#38687002 Compiere vulnerable to cross-site scripting

Compiere provided by Almas Inc. is an Enterprise Resource Planning ERP and Customer Relationship Management CRM software. Compiere contains a cross-site scripting vulnerability. This vulnerability is different from JVN57963254. Impact An arbitrary script may be executed on the user's web browser...

4.3CVSS5.8AI score0.01528EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/04/16 12:0 a.m.22 views

JVN#82744714 Cross-site scripting vulnerability in apricot.php from LovPop.net

apricot.php from LovPop.net is a software to analyze web access logs. apricot.php contains a cross-site scripting vulnerability. Note that future releases and maintenance of apricot.php ended on March 19, 2009. Users who wish to analyze access logs are recommended to use a different product that...

4.3CVSS6AI score0.01022EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/04/02 12:0 a.m.22 views

JVN#74747784 XOOPS Cube Legacy cross-site scripting vulnerability

XOOPS Cube Legacy from XOOPS Cube Project is an open source contents management system. XOOPS Cube Legacy contains a cross-site scripting vulnerability. According to the developers, a XOOPS Cube Legacy distribution "Hodajuku distribution" and "additional modules" are not affected by this...

6.4AI score
Exploits0
Total number of security vulnerabilities5000