Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/12/07 12:0 a.m.24 views

JVN#79762947 EC-CUBE information disclosure vulnerability

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information disclosure vulnerability. Impact A remote attacker may be able to obtain customer data that is saved by EC-CUBE. Solution Update the Software Apply the latest updates provided by...

5CVSS6.1AI score0.01524EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/11/19 12:0 a.m.24 views

JVN#01245481 Redmine vulnerable to cross-site scripting

Redmine is a project management software. Redmine contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. As a result, cookie information may be leaked and could lead to session hijacking or user impersonation. Solution Update the...

4.3CVSS5.8AI score0.01523EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/03/10 12:0 a.m.24 views

JVN#84899898 MP Form Mail CGI vulnerability allows third party to gain administrative privileges

MP Form Mail CGI from futomi's CGI Cafe is a software for sending contents entered into an HTML form via email. MP Form Mail CGI contains a vulnerability that allows an attacker to gain administrative privileges. Impact A remote attacker could impersonate an administrator of MP Form Mail CGI...

7.5CVSS6.4AI score0.017EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/02/23 12:0 a.m.24 views

JVN#16767117 Buffer overflow vulnerability in ActiveX Control for Sony SNC series network cameras

The ActiveX Control for Sony SNC series network cameras is a software to monitor images over the network using a web browser. This ActiveX Control contains a heap-based buffer overflow vulnerability triggered by the improper processing of some configuration variables. Impact A remote attacker cou...

10CVSS7.4AI score0.16067EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/12/03 12:0 a.m.24 views

JVN#02216739 Movable Type Enterprise cross-site scripting vulnerability

Movable Type Enterprise, a web log system from Six Apart KK for business users, contains a cross-site scripting vulnerability. This vulnerability is different from JVN30385652 and JVN81490697. Impact An arbitrary script may be executed on an user's web browser. Solution Update the Software Update...

4.3CVSS6AI score0.01223EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/10/17 12:0 a.m.24 views

JVN#67334580 hisa_cart information disclosure vulnerability

hisacart from Hisanaga Electric Co.Ltd is a shopping cart module for XOOPS. hisacart contains a vulnerability allowing the disclosure of users' information. Impact A remote attacker could obtain information of registered users. Solution Update the Software An update is being distributed to...

5CVSS6.2AI score0.01442EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/08/26 12:0 a.m.24 views

JVN#27417220 mysql-lists from AquaGardenSoft Co.,Ltd. vulnerable to cross-site scripting

mysql-lists from AquaGardenSoft Co.,Ltd. is software to show MySQL data on the web browser. mysql-lists contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the vendor...

4.3CVSS6AI score0.01065EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/07/31 12:0 a.m.24 views

JVN#33706820 Multiple Panasonic Communications Co., Ltd. network cameras vulnerable to cross-site scripting

Panasonic Communications Co., Ltd. network camera BL-C111/131 and BB-HCM511/531/580/581/527/515 error pages contain a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest updates provided by the...

4.3CVSS6AI score0.01223EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/06/25 12:0 a.m.24 views

JVN#36635562 nProtect : Netizen denial of service (DoS) vulnerability

nProtect : Netizen from NetMove Corporation is security software that works only while communicating with specific web pages. nProtect : Netizen contains a denial of service DoS vulnerability. Impact An remote attacker could disable nProtect : Netizen by convincing a user to open a specially...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/03/16 12:0 a.m.24 views

JVN#19795972: FENCE-Pro and Systemwalker Desktop Encryption self-decoding file vulnerability

Impact The third party could view the contents of self-decoding files and obtain the passwords used for the encryption of the files. Solution Products Affected All version levels of FENCE-Pro excluding V5 V5L01 Systemwalker Desktop Encryption: V12.0L10, V12.0L10A, V12.0L10B, V12.0L20, V13.0.0 For...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2005/12/05 12:0 a.m.24 views

JVN#67001206 Multiple vulnerabilities in FreeStyleWiki including cross-site scripting

Impact A malicious script may be executed on the user's web browser. Furthermore, a combination of the vulnerabilities can be exploited to create a new user with administrative privileges when a FreeStyleWiki administrator logs into it with administrative privileges and views a Wiki page which is...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/04/25 12:0 a.m.23 views

JVN#82536398: Multiple vulnerabilities in Quick Agent

Quick Agent provided by SIOS Technology, Inc. is a Windows application for the following Ricoh MFPs' multifunction printers scan solutions. Quick Scan Easy FAX Speedoc Smart eco FAX Quick Agent contains multiple vulnerabilities listed below. Path traversal vulnerability in the file upload functio...

9.2CVSS7.6AI score0.00777EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/03/26 12:0 a.m.23 views

JVN#39026557: Multiple vulnerabilities in PowerCMS

PowerCMS provided by Alfasado Inc. contains multiple vulnerabilities listed below. Injection CWE-74 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score 5.3 CVE-2025-29993 The product improperly processes HTTP headers. Dependency on vulnerable third-party component CWE-1395 jQuery Validation...

7.5CVSS7.2AI score0.03532EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/03/29 12:0 a.m.23 views

JVN#23528780: "Yahoo! JAPAN" App vulnerable to cross-site scripting

"Yahoo! JAPAN" App provided by LY Corporation contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the WebView of "Yahoo! JAPAN" App via other app installed on the user's device. Solution Update the application Update the application to the latest...

6.1CVSS5.6AI score0.00314EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/12/13 12:0 a.m.23 views

JVN#18715935: Multiple vulnerabilities in GROWI

GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in the presentation feature CWE-79 - CVE-2023-42436 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...

6.5CVSS6AI score0.0045EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/07 12:0 a.m.23 views

JVN#42527152: "FFRI yarai" and "FFRI yarai Home and Business Edition" handle exceptional conditions improperly

"FFRI yarai" and "FFRI yarai Home and Business Edition" provided by FFRI Security, Inc. handle exceptional conditions improperly CWE-703. When the product's Windows Defender management feature is enabled, and Microsoft Defender detects some files matching specific conditions as a threat, the...

3.3CVSS3.8AI score0.00285EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/05/31 12:0 a.m.23 views

JVN#62111727: Pleasanter vulnerable to cross-site scripting

Pleasanter provided by Implem Inc. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged-in user's web browser. Solution Update the software or apply the patch Update the software to the latest version according to the information provided by...

5.4CVSS5.5AI score0.00671EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/05/08 12:0 a.m.23 views

JVN#01937209: LINE WORKS Drive Explorer vulnerable to code injection

LINE WORKS Drive Explorer provided by WORKS MOBILE Japan Corp. contains a code injection vulnerability CWE-94. Impact An attacker who can login to the client where the affected product is installed may inject arbitrary code while processing the product execution. Since a full disk access privileg...

9.8CVSS9.5AI score0.00576EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/04/19 12:0 a.m.23 views

JVN#99657911: WordPress plugin "LIQUID SPEECH BALLOON” vulnerable to cross-site request forgery

WordPress plugin "LIQUID SPEECH BALLOON” provided by LIQUID DESIGN Ltd. contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the Software Update the Software to the latest...

8.8CVSS8.6AI score0.00457EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/12/26 12:0 a.m.23 views

JVN#90813656: Wireshark for Windows issue where an arbitrary file may be deleted

Wireshark for Windows uses a software updating library called WinSparkle. Wireshark for Windows contains an issue where an arbitrary directory of file may be deleted due to an issue contained in WinSparkle JVN96681653. Impact An arbitrary directory or file may be deleted with the privileges of th...

7.8CVSS7.6AI score0.02594EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/02/19 12:0 a.m.23 views

JVN#69854312: baserCMS vulnerable to OS command injection

baserCMS is an open-source Contents Management System CMS. baserCMS contains an OS command injection vulnerability CWE-78. Impact An arbitrary OS command may be executed on the server by a logged in attacker. Solution Update the Software Update to the latest version according to the information...

6.5CVSS6.6AI score0.01056EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/01/29 12:0 a.m.23 views

JVN#03050861: EXPRESSCLUSTER X vulnerable to directory traversal

EXPRESSCLUSTER X from NEC Corporation is software to provide high availability HA clustering. EXPRESSCLUSTER X contains an issue in WebManager, which may lead to directory traversal. Impact Arbitrary files on the server may be viewed by an attacker who can access to the WebManager. Solution Updat...

7.8CVSS7.4AI score0.03821EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/04/09 12:0 a.m.23 views

JVN#02527990: Lhaplus vulnerable to directory traversal

Lhaplus is a file compression/decompression software. Lhaplus contains an issue in processing file names, which may result in a directory traversal vulnerability. Impact Decompressing a file with a specially crafted file name may result in a creation of an arbitrary file or an overwrite of an...

5.8CVSS6.4AI score0.0156EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/12/04 12:0 a.m.23 views

JVN#12798709: KENT-WEB Clip Board vulnerable to cross-site scripting

KENT-WEB Clip Board is a bulletin board software that a user can upload binary files such as image files. Clip Board contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version...

4.3CVSS5.8AI score0.01193EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/09/09 12:0 a.m.23 views

JVN#73357573: Movable Type vulnerable to cross-site scripting

Movable Type contains an issue in processing the management page, which may result in a cross-site scripting vulnerability. Impact An arbitrary script may be executed or a false form may be displayed on the administrator's web browser. Solution Update the software Update to the latest version...

3.5CVSS5.7AI score0.00967EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/08/12 12:0 a.m.23 views

JVN#07957080: Dominion KX2-101 vulnerable to denial-of-service (DoS)

Dominion KX2-101 provided by Raritan Japan, Inc. is a KVM-over-IP switch. Dominion KX2-101 contains a denial-of-service DoS vulnerability. Impact By receiving a specially crafted packet, the product may be forced to stop responding. Solution Upgrade to Dominion KX2-101 V2 The vulnerability has be...

7.8CVSS6.4AI score0.02271EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/08/08 12:0 a.m.23 views

JVN#87962145: Piwigo vulnerable to SQL injection

Piwigo is a software to manage and host image files on the web. Piwigo contains a SQL injection vulnerability. Impact An authenticated attacker may obtain information stored in the database. Solution Apply a patch Apply the patch according to the information provided by the developer. According t...

6.5CVSS6.4AI score0.01007EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/07/25 12:0 a.m.23 views

JVN#30281958: Arbitrary program execution vulnerability in TrendLink ActiveX control

TrendLink provided by Canary Labs is a tool to help visualize data for analysis. The SaveToFile method provided in the ActiveX control in TrendLink contains a vulnerability where file creation is not properly restricted. Impact A remote attacker may create an arbitrary file on the system and as a...

8.5CVSS6.8AI score0.0129EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/11/22 12:0 a.m.23 views

JVN#65312543: D-Link DES-3800 Series vulnerable to denial-of-service (DoS)

DES-3800 Series provided by D-Link Japan contains a denial-of-service DoS vulnerability due to an issue in the implementation of SSH. Impact A user who can login using SSH may cause the product to stop responding. Solution Update the Firmware Update to the latest version of firmware according to...

6.8CVSS6AI score0.01198EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/08/30 12:0 a.m.23 views

JVN#15973066: EC-CUBE vulnerable to directory traversal when used in Windows

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a directory traversal vulnerability when used in Windows. Impact A remote attacker may obtain arbitrary files on the server. Solution Apply the update or patch Apply the update or patch accordin...

5CVSS6.6AI score0.02098EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/05/29 12:0 a.m.23 views

JVN#22756333: Sleipnir Mobile for Android vulnerable to address bar spoofing

Sleipnir Mobile for Android contains an issue when opening a new window, which may result in the address bar being spoofed. Impact This vulnerability could be leveraged to forge the contents of the address bar for conducting phishing attacks. Solution Update the software Update to the latest...

5.8CVSS6.1AI score0.01528EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/05/23 12:0 a.m.23 views

JVN#45306814: EC-CUBE fails to restrict access permissions

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a URL handling issue in certain environments and as a result, access permissions are not restricted. Impact A remote, unauthenticated attacker may access the management screen. Solution Apply th...

4.3CVSS6.4AI score0.01792EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/07/03 12:0 a.m.23 views

JVN#05102851: Yome Collection for Android issue in management of IMEI

Yome Collection for Android contains an issue which stores the International Mobile Equipment Identity IMEI on a SD card. Applications without the READPHONESTATE permission may obtain the IMEI from the SD card. Impact If a user of the affected product uses a malicious Android application, the IME...

5CVSS6.4AI score0.01369EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/03/13 4:39 a.m.23 views

Redmine vulnerable to cross-site scripting

Overview Redmine contains a cross-site scripting vulnerability. Redmine is a project management software. Redmine contains a cross-site scripting vulnerability. Kousuke Ebihara reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

4.3CVSS6AI score0.01822EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/02/15 8:14 a.m.23 views

cforms II vulnerable to cross-site scripting

Overview cforms II contains a cross-site scripting vulnerability. cforms II provided by delicious days is a plugin for WordPress. cforms II contains a cross-site scripting vulnerability. Kousuke Ebihara and Yuya Watanabe of Tejimaya.inc reported this vulnerability to IPA. JPCERT/CC coordinated wi...

4.3CVSS6.1AI score0.04285EPSS
Exploits3References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/12/02 12:0 a.m.23 views

JVN#61695284: PowerChute Business Edition vulnerable to cross-site scripting

PowerChute Business Edition from Schneider Electric is a power management software. PowerChute Business Edition contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Upgrade the software Upgrade to the latest version accordin...

4.3CVSS5.7AI score0.00921EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/06/20 12:0 a.m.23 views

JVN#43386477: WeblyGo vulnerable to cross-site scripting

WeblyGo is a groupware provided by KAWAI BUSINESS SOFTWARE CO., LTD. KBS. WeblyGo contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by...

4.3CVSS5.9AI score0.01086EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/08/20 12:0 a.m.23 views

JVN#21471805: Winny vulnerable to buffer overflow

Winny is a P2P file sharing software. Winny contains a buffer overflow vulnerability. This vulnerability is different from JVN91740962 and JVN74294680. Impact A remote attacker may be able to execute arbitary code. Solution Do not use Winny Please discontinue use of Winny. Products Affected Winny...

7.5CVSS7.2AI score0.03372EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/12/09 12:0 a.m.23 views

JVN#49602378 SEIL/B1 authentication issue

The PPP Access Concentrator PPPAC function within SEIL/B1 contains an issue in the CHAP and MS-CHAP-V2 authentication processes, the same challenge value is repeatedly used for each authentication attempt. Impact A third party may be able to perform replay attacks. As a result, the third party ma...

2.6CVSS6.6AI score0.01356EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/04/16 12:0 a.m.23 views

JVN#82744714 Cross-site scripting vulnerability in apricot.php from LovPop.net

apricot.php from LovPop.net is a software to analyze web access logs. apricot.php contains a cross-site scripting vulnerability. Note that future releases and maintenance of apricot.php ended on March 19, 2009. Users who wish to analyze access logs are recommended to use a different product that...

4.3CVSS6AI score0.01022EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/01/09 12:0 a.m.23 views

JVN#10170564 MODx cross-site scripting vulnerability

MODx, an open source contents management system, contains multiple cross-site scripting vulnerabilities. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the developer. Products Affected MODx 0.9.6.2 and earlier...

4.3CVSS6.2AI score0.01065EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/06/27 12:0 a.m.23 views

JVN#44532794 rktSNS cross-site scripting vulnerability

rktSNS, provided by rakuto.net, is open source software for community site construction. rktSNS contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the update provided by the developer. For more...

6.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/04/01 5:20 a.m.22 views

WordPress plugin "Welcart e-Commerce" vulnerable to untrusted data deserialization

Overview WordPress plugin "Welcart e-Commerce" provided by Welcart Inc. contains an untrusted data deserialization vulnerability CWE-502. Hiroshi Sawada of CrowdStrike Holdings, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

8.8CVSS7.1AI score0.0043EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/08/23 12:0 a.m.22 views

JVN#12824024: BUFFALO wireless LAN routers and wireless LAN repeaters vulnerable to OS command injection

Wireless LAN routers and wireless LAN repeaters provided by BUFFALO INC. contain an OS command injection vulnerability CWE-78. Impact If a user logs in to the management page and sends a specially crafted request to the affected product from the product's specific management page, an arbitrary OS...

5.7CVSS5.8AI score0.00595EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/07/29 12:0 a.m.22 views

JVN#84326763: Multiple vulnerabilities in SKYSEA Client View

SKYSEA Client View provided by Sky Co.,LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View contains multiple vulnerabilities listed below. Improper access control in the specific process CWE-266 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 7.8 CVE-2024-41139 Origin...

7.8CVSS8.1AI score0.00501EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/06/07 12:0 a.m.22 views

JVN#79213252: WordPress Plugin "Music Store - WordPress eCommerce" vulnerable to SQL injection

WordPress Plugin "Music Store - WordPress eCommerce" provided by CodePeople contains an SQL injection vulnerability CWE-89. Impact A user of the product with the administrator privilege may execute an arbitrary SQL command. Information stored in the database may be obtained or altered by the user...

6.5CVSS7.1AI score0.00519EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/05/24 12:0 a.m.22 views

JVN#35838128: WordPress Plugin "WP Booking" vulnerable to cross-site scripting

WordPress Plugin "WP Booking" provided by aviplugins.com contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing the web site using the product. Solution Update the plugin Update the plugin to the late...

4.7CVSS8.7AI score0.0037EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/03/25 12:0 a.m.22 views

JVN#17176449: ffBull vulnerable to OS command injection

ffBull according to the original report submitted by the reporter provided by Fortunefield is a bulletin board system BBS. ffBull contains an OS command injection vulnerability CWE-78. Impact A remote unauthenticated attacker may execute an arbitrary OS command with the privilege of the running w...

9.8CVSS9.9AI score0.01284EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/02/29 12:0 a.m.22 views

JVN#78084105: OpenPNE plugin "opTimelinePlugin" vulnerable to cross-site scripting

OpenPNE plugin "opTimelinePlugin" provided by OpenPNE Project contains a stored cross-site scripting vulnerability CWE-79 in Edit Profile page. Impact On the site which uses the affected product, when a user configures the profile with some malicious contents, an arbitrary script may be executed ...

5.4CVSS5.6AI score0.0034EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/01/23 12:0 a.m.22 views

JVN#40049211: Improper restriction of XML external entity references (XXE) in Electronic Deliverables Creation Support Tool provided by Ministry of Defense

Electronic Deliverables Creation Support Tool provided by Ministry of Defense improperly restricts XML external entity references XXE CWE-611. Impact Processing a specially crafted XML file may lead to exposure of internal files on the system. Solution Update the Software Update the software to t...

5.5CVSS5.3AI score0.00195EPSS
Exploits0
Total number of security vulnerabilities5000