Lucene search
K
JvnMost viewed

5627 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/09/28 12:0 a.m.•21 views

JVN#29428319: WordPress Plugin "OG Tags" vulnerable to cross-site request forgery

WordPress Plugin "OG Tags" provided by Mário Valney contains a cross-site request forgery vulnerability CWE-352. Impact If a user with an administrative privilege views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin according...

8.8CVSS8.7AI score0.00716EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/17 5:57 a.m.•21 views

Self-Extracting Archive files created by IExpress may insecurely load Dynamic Link Libraries

Overview Self-extracting archive files created by IExpress provided Microsoft contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Microsoft states that the root cause of this vulnerability is "Application Directory App Dir DLL planting"...

9.3CVSS7AI score0.09044EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/08 12:0 a.m.•21 views

JVN#78482127: EC-CUBE plugin "Social-button Plugin Premium" and "Social-button Plugin" vulnerable to cross-site scripting

EC-CUBE plugin "Social-button Plugin Premium" and "Social-button Plugin" provided by Cyber-Will Inc. contain a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to th...

6.1CVSS6AI score0.01625EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/06 12:0 a.m.•21 views

JVN#55801246: baserCMS plugin "Casebook Plugin" multiple vulnerabilities

baserCMS plugin "Casebook Plugin" contains multiple vulnerabilities: Cross-site scripting CWE-79 - CVE-2016-1169 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:L/Au:S/C:N/I:P/A:N| Base Score: 4.0 Cross-site request forger...

8.8CVSS7.4AI score0.01009EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/09 12:0 a.m.•21 views

JVN#02671769: phpRechnung vulnerable to SQL injection

phpRechnung is a web-based accounting software. list.php of phpRechnung contains an SQL injection CWE-89 vulnerability. Impact An authenticated attacker may obtain or alter information stored in the database. Solution Update the Software Update to the latest version according to the information...

6.5CVSS6.9AI score0.01061EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/05 12:0 a.m.•21 views

JVN#75720314: Tiki Wiki CMS Groupware vulnerable to SQL injection

Tiki Wiki CMS Groupware Tiki is a content management system CMS. Tiki contains a SQL injection vulnerability. Impact An arbitrary SQL command may be executed in the database the product is referencing. Solution Apply an Update Apply the appropriate update for the version of the software being use...

7.5CVSS7.4AI score0.01868EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/12/20 12:0 a.m.•21 views

JVN#69589791: Boat Browser / Boat Browser Mini vulnerable in the WebView class

Boat Browser and Boat Browser Mini are web browsers for Android devices. Boat Browser and Boat Browser Mini contain a vulnerability in the WebView class. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed...

2.1CVSS6.2AI score0.00341EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/11/14 12:0 a.m.•21 views

JVN#74829345: Multiple Android devices vulnerable to denial-of-service (DoS)

Multiple Android devices contain an issue when referencing specific system area, which may lead to a denial-of-service DoS. Impact The device may crash as a result of accessing a specific file. Solution Update the software Update to the latest version according to the information provided by the...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/11/08 12:0 a.m.•21 views

JVN#16901583: ChaSen vulnerable to buffer overflow

ChaSen provided by Nara Institute of Science and Technology is a software for morphologically analyzing Japanese. ChaSen contains an issue when reading in strings, which may lead to a buffer overflow. ChaSen legacy project has inherited development of ChaSen since 11/8/2011. Impact An arbitrary...

9.3CVSS6.1AI score0.04153EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/15 12:0 a.m.•21 views

JVN#87908726: ASP.NET vulnerable to cross-site scripting

ASP.NET contains an issue in the handling of session ID's in mobile devices. When "Mobile Controls" are used in ASP.NET to develop web applications for mobile devices, the application may contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/12/08 12:0 a.m.•21 views

JVN#36673836: Movable Type vulnerable to cross-site scripting

Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the...

4.3CVSS6AI score0.0125EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/11/06 12:0 a.m.•21 views

JVN#67060882 sISAPILocation vulnerability bypasses HTTP header rewrite function

sISAPILocation, developed by an individual developer, is an ISAPI filter for IIS Internet Information Services. sISAPILocation contains a vulnerability that allows the HTTP header rewrite function to be bypassed. Impact When sISAPILocation is used to configure settings, such as to specify charact...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/12/21 12:0 a.m.•21 views

JVN#89292430 Cross-site scripting in Sun Java System Web Server and Sun Java System Web Proxy Server

Sun Java System Web Server and Sun Java System Web Proxy Server, which are both web servers, provide a function for a user to view access logs and other records in a web browser. This function is vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/05/18 12:0 a.m.•21 views

JVN#92832583 Advance-Flow cross-site scripting vulnerability

Advance-Flow provided by OSK Co. LTD contains a cross-site scripting vulnerability, as it does not properly handle output data. Some application forms are not affected by this vulnerability and some are, depending on the contents of the application forms. Impact An arbitrary script may be execute...

6.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/03/30 12:0 a.m.•21 views

JVN#62399483 Overlay Weaver cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected Overlay Weaver 0.5.9 - 0.5.11 For more information, refer to the vendor's website...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/03/22 12:0 a.m.•21 views

JVN#64227086 NewsGlue and Ikinari Jijyoutsuu arbitrary script execution vulnerability

Impact An arbitrary script could be executed in NewsGlue or Ikinari Jijyoutsuu. Arbitrary files on client PCs could be accessed by an attacker. Solution Products Affected NewsGlue 1.3.3 and earlier Ikinari Jijyoutsuu version 1.0.0 and 1.0.1...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/01/23 12:0 a.m.•21 views

JVN#32985115 Movable Type cross-site scripting vulnerability

Impact An arbitrary script could be executed on the user's web browser or the display of a web page could be falsified. In addition, an attacker may be able to access a user's cookie allowing them to view sensitive information or hijack an authenticated user's session. Solution Products Affected...

6.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/08/14 12:0 a.m.•21 views

JVN#02091617 04WebServer cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected v1.83 and earlier...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2005/07/28 12:0 a.m.•21 views

JVN#29273468 QRcode Perl CGI & PHP script vulnerable to denial of service attack

Impact A remote attacker may cause a denial of service DoS attack. Solution Products Affected QRcode Perl/CGI & PHP script ver. 0.50f and earlier including both Perl versions and PHP versions...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2005/07/20 12:0 a.m.•21 views

JVN#60776919 tDiary cross-site request forgery vulnerability

Impact If a user loads a malicious web page, an attacker could alter or delete the diary text or alter tDiary configurations. In addition, a remote attacker could execute an arbitrary script or command on the web server running tDiary with privileges of the tDiary user. Solution Products Affected...

5.1CVSS6.8AI score0.01911EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/09 12:0 a.m.•20 views

JVN#65724976: WordPress Plugin "Forminator" vulnerable to cross-site scripting

WordPress Plugin "Forminator" provided by WPMU DEV assists building web forms. When accessing the page including the web form created with Forminator, some information from the URL may be embedded to the web form. This feature processes the embedded information improperly, leading to cross-site...

6.1CVSS6.3AI score0.0041EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/30 12:0 a.m.•20 views

JVN#26225832: EC-CUBE plugin (for EC-CUBE 4 series) "EC-CUBE Web API Plugin" vulnerable to stored cross-site scripting

EC-CUBE plugin for EC-CUBE 4 series "EC-CUBE Web API Plugin" provided by EC-CUBE CO.,LTD. contains a stored cross-site scripting vulnerability CWE-79 in OAuth Management feature. Impact When there are multiple users using OAuth Management feature and one of them inputs some crafted value on the...

6.1CVSS5.7AI score0.00271EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/16 12:0 a.m.•20 views

JVN#74825766: Cybozu Garoon vulnerable to cross-site scripting

Cybozu Garoon provided by Cybozu, Inc. contains a cross-site scripting vulnerability in PDF preview CWE-79. Impact An arbitrary script may be executed on a logged-in user's web browser. Solution Update the Software Update the software to the latest version according to the information provided by...

5.4CVSS5.3AI score0.00249EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/24 12:0 a.m.•20 views

JVN#56781258: Splunk Config Explorer vulnerable to cross-site scripting

Splunk Config Explorer provided by Chris Younger contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is using the product. Solution Update the software Update the software to the latest version according to...

6.1CVSS5.8AI score0.00256EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/21 12:0 a.m.•20 views

JVN#29471697: Android App "TP-Link Tether" and "TP-Link Tapo" vulnerable to improper server certificate verification

Android App "TP-Link Tether" and "TP-Link Tapo" provided by TP-LINK GLOBAL INC. are vulnerable to improper server certificate verification CWE-295. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the application Update the...

4.8CVSS4.8AI score0.00217EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/03/25 12:0 a.m.•20 views

JVN#69107517: TvRock vulnerable to cross-site scripting

TvRock provided by TvRock according to the original report submitted by the reporter is a tool to set a timer recording for a TV program. TvRock contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user accessing the website th...

6.1CVSS6.1AI score0.00313EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/01 12:0 a.m.•20 views

JVN#41129639: Payment EX vulnerable to information disclosure

Payment EX provided by Simplesite contains an information disclosure vulnerability CWE-200. Impact A remote unauthenticated attacker may obtain the information of the user who purchases merchandise using Payment EX. Solution Update the Software Update the software to the latest version according ...

7.5CVSS6.4AI score0.00571EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/10 12:0 a.m.•20 views

JVN#53880182: TVer App for Android fails to verify SSL server certificates

TVer App for Android provided by PRESENTCAST INC. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provided by the...

5.9CVSS5.5AI score0.00667EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/29 5:39 a.m.•20 views

ManageEngine ServiceDesk Plus vulnerable to cross-site scripting

Overview ManageEngine ServiceDesk Plus provided by Zoho Corporation is a help desk software. ManageEngine ServiceDesk Plus contains a stored cross-site scripting CWE-79 vulnerability. Akihito Mukai and Tomoshige Hasegawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

5.4CVSS5.9AI score0.01927EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/02 12:0 a.m.•20 views

JVN#65668004: Dotclear vulnerable to cross-site scripting

Dotclear is a weblog software. Dotclear contains a cross-site scripting vulnerability. Impact If a user views a specially crafted page while logged in, an arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the...

4.3CVSS6AI score0.0121EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/29 12:0 a.m.•20 views

JVN#20355129: niconico App for iOS fails to verify SSL server certificates

niconico App for iOS provided by DWANGO Co., Ltd. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the...

7.4CVSS7.1AI score0.00945EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/05/25 12:0 a.m.•20 views

JVN#47662377: Sybase EAServer vulnerable to cross-site scripting

EAServer provided by Sybase is an application server. EAServer contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer...

6.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/01/13 2:53 a.m.•20 views

Aipo vulnerable to SQL injection

Overview Aipo contains SQL injection vulnerability. Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a SQL injection vulnerability. Impact Contents that are managed by Aipo may be viewed by a user that can login to Aipo. Solution...

7.5CVSS7.6AI score0.01299EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/08/21 12:0 a.m.•20 views

JVN#31723154 LacoodaST from SpaceTag, Inc. session fixation vulnerability

LacoodaST from SpaceTag, Inc. is groupware providing schedule and task managements, etc. LacoodaST contains a session fixation vulnerability. Impact A remote attacker impersonating a logged in user could manipulate the operation with the user's privilege. As a result, disclosure or alteration of...

9.1CVSS6.2AI score0.0133EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/07/23 12:0 a.m.•20 views

JVN#72065744 K's CGI Access Log Kaiseki (Jcode.pm) vulnerable to cross-site scripting

K's CGI Access Log Kaiseki is a program to analyze access to a web page. analysis.cgi included in Access Log Kaiseki Jcode.pm contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest update...

4.3CVSS5.9AI score0.01263EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/30 12:0 a.m.•20 views

JVN#43906021 WEB MART from KENT WEB vulnerable to cross-site scripting

WEB MART provided by KENT WEB is shopping cart software. WEB MART contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the vendor. Products Affected WEB MART 1.61 and...

6.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/01/28 12:0 a.m.•20 views

JVN#01162446 Cross-site scripting vulnerabilities in multiple Hal Networks shopping cart products

Multiple Hal Networks shopping cart software products are vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest updates provided by the vendor. For more information, refer to the vendor's website...

6.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/11/09 12:0 a.m.•20 views

JVN#99453765 Cross-site scripting vulnerability in updir.php in UPDIR.NET

updir.php from UPDIR.NET is software for publishing and managing image files, etc. on web servers. By installing updir.php on a web server, users are able to upload image files, etc. on the web server and publish and manage the uploaded files. updir.php contains a cross-site scripting vulnerabili...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/10/25 12:0 a.m.•20 views

JVN#50495547 Ichitaro series buffer overflow vulnerability

The "Ichitaro" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user opens a specially crafted jtd file or views it on a web browser, an attacker could execute arbitrary code with the privileges of the user. Impact An attacker could...

8.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/07/31 12:0 a.m.•20 views

JVN#43615794 Yayoi Kaikei improper handling of credential information

Yayoi Kaikei Quick Navigator makes the user log into the vendor's server, and sends the user credentials unencrypted. Impact By monitoring the communication between Quick Navigator and the vendor's server, an attacker can obtain the customer number and the phone number to impersonate the user on...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/06/27 12:0 a.m.•20 views

JVN#74063879 sHTTPd cross-site scripting vulnerability

sHTTPd provided by anekos is a web server for Windows. sHTTPd contains a cross-site scripting vunerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest updates provided by the developer. Products Affected sHTTPd version...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/06/21 12:0 a.m.•20 views

JVN#90438169 RaidenHTTPD cross-site scripting vulnerability

RaidenHTTPD is a multipurpose web server for Windows provided by TEAM JOHNLONG. RaidenHTTPD contains a cross-site scripting vulnerability. Impact Arbitrary code could be executed on the user's web browser. Solution Update the Software Apply the update provided by the vendor. For more information,...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/12/05 12:0 a.m.•20 views

JVN#47272891 Hanako buffer overflow vulnerability

Impact An arbitrary code could be executed on the PCs of Hanako user, if the user opens a specially crafted Hanako file sent by a remote attacker. Solution Products Affected Hanako 2004 Hanako 2005 Hanako 2006 Hanako Viewer 1.0 For more information, refer to the vendor's website...

7.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/10/20 12:0 a.m.•20 views

JVN#63999575 NEC MultiWriter 1700C web server authentication bypass vulnerability

Impact A remote attacker could change the system configuration of the printer's built-in web server. Solution Products Affected NEC MultiWriter 1700C model number: PR-L1700C Network Expansion Card PR-L1700C-MC For more information, refer to the vendor's website...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/04/17 12:0 a.m.•20 views

JVN#35274905 FreeStyleWiki cross-site scripting vulnerability

Impact An rbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected FreeStyleWiki 3.5.10 and earlier...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2005/12/20 12:0 a.m.•20 views

JVN#87830692 WebNote Clip vulnerable to OS command injection

Impact An attacker could execute an arbitrary OS command on the server with WebNote Clip installed. Solution Products Affected WebNote Clip 4.1.7 and earlier...

7.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2005/12/09 12:0 a.m.•20 views

JVN#15243167 Problem with referer header handling on mobile phone web browsers

Impact Referer information may be unintendedly sent to a server under certain operating conditions. Solution Products Affected For more information, refer to the vendors' websites...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/05/25 2:39 a.m.•19 views

Security information for Hitachi Disk Array Systems

Overview CVE-2026-23667 | Broadcast DVR Elevation of Privilege Vulnerability CVE-2026-23668 | Windows Graphics Component Elevation of Privilege Vulnerability CVE-2026-23669 | Windows Print Spooler Remote Code Execution Vulnerability CVE-2026-23671 | Windows Bluetooth RFCOM Protocol Driver Elevati...

8.8CVSS7AI score0.04491EPSS
Exploits8References43
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/05/20 6:21 a.m.•19 views

Movable Type vulnerable to missing authorization

Overview Movable Type provided by Six Apart Ltd. contains the following vulnerability. Missing authorization CWE-862 - CVE-2026-44392 Six Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information...

5.3CVSS5.8AI score0.00249EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/05/13 6:41 a.m.•19 views

Android App "Anshin Filter for au" vulnerable to cleartext transmission of sensitive information

Overview Android App "Anshin Filter for au" provided by KDDI CORPORATION contains the following vulnerability. Cleartext transmission of sensitive information CWE-319 - CVE-2026-41281 Impact A man-in-the-middle attacker may access and modify communications transmitted in plaintext, potentially...

6.3CVSS5.8AI score0.00092EPSS
Exploits0References4
Total number of security vulnerabilities5000