Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/03/25 12:0 a.m.•16 views

JVN#40523785: Mini Thread vulnerable to cross-site scripting

Mini Thread provided by Flash CGI according to the original report submitted by the reporter is a CGI script for creating a bulletin board system BBS. Mini Thread contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user...

5.4CVSS6.2AI score0.00293EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/01/25 12:0 a.m.•16 views

JVN#24343509: WebSphere Application Server (WAS) vulnerable to cross-site scripting

WebSphere Application Server WAS provided by IBM contains a vulnerability in SnoopServlet, which may result in a cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Apply a patch Apply the patch according to the information provided by the develope...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/10/15 12:0 a.m.•16 views

JVN#23108985: Multiple Cybozu products vulnerable to cross-site scripting

Multiple products groupware etc. provided by Cybozu, Inc. contain a cross-site scripting vulnerablility. This vulnerability is different from JVN50342989, and JVN90712589. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest versi...

6.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/10/02 12:0 a.m.•16 views

JVN#84396512 SugarCRM vulnerable to cross-site scripting

SugarCRM is a customer relationship management CRM software. SugarCRM contains a cross-site scripting vulnerability. Impact If a user views a malicious page and clicks the print icon while logged in, an arbitrary script may be executed on the user's web browser. Solution Update the Software Updat...

6.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/09/17 12:0 a.m.•16 views

JVN#39157969 Third-party cookie issue in Opera

Opera contains an issue in which third-party cookies are not handled properly. Please note that this issue only occurs when the user changes the setting for "Accept only cookies from the site I visit" from the default installation of Opera. Impact A remote attacker may be able to trace an user's...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/07/29 12:0 a.m.•16 views

JVN#59748723 MySQL Connector/J vulnerable to SQL injection

MySQL Connector/J from Sun Microsystems is a software that provides access to a MySQL database for client applications written in Java. MySQL Connector/J contains a SQL injection vulnerability. Impact A remote attacker could obtain and modify contents in the database. Solution Update the Software...

7.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/05/13 12:0 a.m.•16 views

JVN#73653977 Sun GlassFish Enterprise Server and Sun Java System Application Server vulnerable to cross-site scripting

Sun GlassFish Enterprise Server and Sun Java System Application Server are application servers from Sun Microsystems. Sun GlassFish Enterprise Server and Sun Java System Application Server contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web...

6.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/04/04 12:0 a.m.•16 views

JVN#21563357 Mozilla Firefox cross-site scripting vulnerability

Mozilla Firefox does not properly handle certain HTML documents in ShiftJIS encoding. According to MFSA 2008-13, this flaw could potentially be used to evade web-site input filters and result in a XSS attack hazard. Impact An arbitrary script may be executed on the user's web browser. Solution...

5.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/01/07 12:0 a.m.•16 views

JVN#08237857 Multiple JustSystems products vulnerable to buffer overflow

Multiple JustSystems products contain a vulnerability which allows a remote attacker to cause buffer overflow when a user opens or views a specially crafted .jtd file. Impact If a user opens a specially crafted .jtd file or views a web page containing a specially crafted .jtd file, arbitrary code...

7.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/12/11 12:0 a.m.•16 views

JVN#50342989 Multiple Cybozu products vulnerable to cross-site scripting

Multiple Cybozu products are vulnerable to cross-site scripting. This vulnerability is different from JVN90712589. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest updates provided by the vendor. Products Affected Cybozu Office 6....

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/11/21 12:0 a.m.•16 views

JVN#55833292 FileMaker cross-site scripting vulnerability

FileMaker is database software from FileMaker, Inc. FileMaker contains a cross-site scripting vulnerability in its "Instant Web Publishing" function that enables users to publish database contents on the web. Impact An attacker could execute an arbitrary script on the web browser of a user who...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/10/25 12:0 a.m.•16 views

JVN#29211062 Ichitaro series buffer overflow vulnerability

The "Ichitaro" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user opens a specially crafted jtd file or views it on a web browser, an attacker could execute arbitrary code with the privileges of the user. Impact An attacker could...

8.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/09/03 12:0 a.m.•16 views

JVN#43091983 Fulltext search CGI from futomi's CGI Cafe vulnerable to cross-site scripting

Fulltext search CGI, website search software from futomi's CGI Cafe, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest updates provided by the vendor. Products Affected Ver 1.1.0 and...

6.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/06/01 12:0 a.m.•16 views

JVN#19240523 HP System Management Homepage cross-site scripting vulnerability

HP System Management Homepage SMH from Hewlett-Packard is a web-based interface that can manage HP servers. A cross-site scripting vulnerability exists in SMH. It is also confirmed that Compaq System Management Homepage, the product previous to SMH, contains a similar cross-site scripting...

6.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/04/19 12:0 a.m.•16 views

JVN#06735665 Canon Network Camera Server VB100 Series vulnerable to cross-site scripting

Impact An arbitrary script may be executed in the camera server management screen. Solution Products Affected VB100 and VB101 firmware Ver. 3.0 Rev.69 and earlier VB150 firmware Ver. 1.1 Rev.39 and earlier...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/01/18 12:0 a.m.•16 views

JVN#95249468 Fresh Reader RSS feed cross-site scripting vulnerability

Impact An arbitrary script could be executed on the web browser of a Fresh Reader user. Solution Products Affected Fresh Reader Ver 1.0.06053100 and earlier For more information, refer to the vendor's website...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/08/28 12:0 a.m.•16 views

JVN#31125599 Cybozu Office 6 information disclosure vulnerability

Impact A remote attacker could obtain information on registered users and groups. Solution Products Affected Cybozu Office 6 6.51.2 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/08/14 12:0 a.m.•16 views

JVN#27428836 04WebServer directory traversal vulnerability

Impact A remote attacker could bypass a user authentication and view server files. Solution Products Affected v1.83 and earlier...

7.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/06/09 12:0 a.m.•16 views

JVN#39570254 CGI RESCUE WebFORM allows unauthorized email transmission

Impact A remote attacker may send emails to arbitrary addresses. Solution Products Affected WebFORM 4.1 and earlier According to the vendor's information, FORM2MAIL also contains a similar vulnerability, and the fixed version of FORM2MAIL is available...

7.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/06/02 12:0 a.m.•16 views

JVN#62734622 Mozilla Firefox vulnerable to HTTP response splitting

Impact If an user accesses a malicious web page, an attacker could inject scripts into HTTP responses from the other domains. Solution Products Affected Mozilla Firefox 1.5.0.3 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/04/13 12:0 a.m.•16 views

JVN#10222000 QUICK CART OS command injection vulnerability

Impact A remote attacker could execute arbitrary operating system commands on a server running QUICK CART. Solution Products Affected QUICK CART Ver 1 QUICK CART Ver 2 QUICK CART Free QUICK CART Pro QUICK CART Plugin for Movable Type 3.2...

8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2005/09/01 12:0 a.m.•16 views

JVN#97422426 Hyper NIKKI System cross-site request forgery vulnerability

Impact If a weblog administrator accesses a malicious web page, an attacker could add, alter, or delete the weblog text. If the weblog text is successfully altered, the attacker could perform a cross-site scripting attack to steal cookie information of weblog readers including weblog administrato...

6.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2005/07/13 12:0 a.m.•16 views

JVN#93926203 Java Cryptography Extension 1.2.1 (JCE 1.2.1) will no longer function properly after July 28, 2005 due to the expiration of its digital certificate

Impact Problems, such as that a Java application using JCE 1.2.1 does not start, may occur after 6:43 JST on July 28, 2005. Java applications using JCE 1.2.1 may not start after 6:43 JST, +0900 on July 28, 2005. Solution Products Affected Java applications using Sun's JCE 1.2.1...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2005/05/12 12:0 a.m.•16 views

JVN#74012178 Movable Type session management vulnerability

Impact A remote attacker could freely manipulate a web log by posting or deleting blog entries. Solution Products Affected Movable Type 3.151-ja and earlier...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/05 5:5 a.m.•15 views

Multiple TP-Link products vulnerable to cleartext transmission of sensitive information

Overview Multiple TP-Link products provided by TP-Link Systems Inc. contain the following vulnerability. Cleartext transmission of sensitive information CWE-319 - CVE-2026-34126 eyegrep and izurina of L Plus LLC reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

7.5CVSS5.4AI score0.00097EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/05/28 4:42 a.m.•15 views

Jupyter Server vulnerable to open redirect

Overview Jupyter Server provided by Jupyter Development Team contains the vulnerability listed below. Open redirect CWE-601 - CVE-2025-61669 Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA and the developer. JPCERT/CC coordinated with the developer to publish t...

7.4CVSS5.8AI score0.00265EPSS
Exploits1References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/05/25 6:35 a.m.•15 views

NEC Aterm series vulnerable to OS command injection (NV26-003)

Overview NEC Aterm series products provided by NEC Corporation contain the following vulnerability. OS command injection CWE-78 - CVE-2026-8652 So Kato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

8.5CVSS5.8AI score0.00722EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/05/14 7:16 a.m.•15 views

WPS Office improper access restriction to its named pipe

Overview WPS Office provided by WPS SOFTWARE PTE. LTD. contains a service program running background and providing certain functionalities to the other programs. This service program uses a named pipe to communicate with the other programs. The named pipe above is not properly protected and any...

7.8CVSS7.3AI score0.00336EPSS
Exploits2References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/08/22 12:0 a.m.•15 views

JVN#75211379: Western Digital Kitfox registers a Windows service with an unquoted file path

Western Digital Kitfox for Windows provided by Western Digital Corporation contains the following vulnerability. Unquoted search path or element CWE-428 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 6.7...

8.4CVSS7.5AI score0.00155EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/05/12 12:0 a.m.•15 views

JVN#20474768: Reflected cross-site scripting vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor

Web Image Monitor provided by Ricoh Company, Ltd. is an web server included and runs in laser printers and MFPs multifunction printers. Web Image Monitor contains the vulnerability listed below. Reflected cross-site scripting CWE-79 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N...

6.1CVSS6.1AI score0.00614EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/04/01 12:0 a.m.•15 views

JVN#87266215: WordPress plugin "Welcart e-Commerce" vulnerable to untrusted data deserialization

WordPress plugin "Welcart e-Commerce" provided by Welcart Inc. contains an untrusted data deserialization vulnerability CWE-502. Impact Arbitrary code may be executed by a remote unauthenticated attacker who can access websites created using the product. Solution Update the plugin Update the plug...

8.8CVSS6.9AI score0.0043EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/17 12:0 a.m.•15 views

JVN#26024080: Multiple vulnerabilities in The LuxCal Web Calendar

The LuxCal Web Calendar provided by LuxSoft contains multiple vulnerabilities listed below. SQL injection in pdf.php CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Base Score 7.3 CVE-2025-25221 SQL injection in retrieve.php CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Base Score 7.3...

9.8CVSS7.6AI score0.00587EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/01/08 12:0 a.m.•15 views

JVN#57428125: PLANEX COMMUNICATIONS MZK-DP300N vulnerable to cross-site scripting

MZK-DP300N, wireless LAN router provided by PLANEX COMMUNICATIONS INC., contains a cross-site scripting vulnerability CWE-79. Impact If an attacker logs in to the affected product and manipulates the device settings, an arbitrary script may be executed on the logged-in user's web browser when...

4.8CVSS6.2AI score0.00284EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/31 12:0 a.m.•15 views

JVN#87770340: Stack-based buffer overflow vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor

Web Image Monitor provided by Ricoh Company, Ltd. is an web server included and runs in laser printers and MFPs multifunction printers. Web Image Monitor contains a stack-based buffer overflow vulnerability CWE-121 due to inappropriate parsing process of HTTP request. Impact Receiving a specially...

7.7CVSS8.1AI score0.00703EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/18 12:0 a.m.•15 views

JVN#57285747: N-LINE vulnerable to HTML injection

N-LINE provided by NEUMANN CO.LTD. is an online learning management system for driving schools. N-LINE processes inputs with insufficient check CWE-94, and malicious inputs from an student's device may badly impact the instructor's screen. Impact Arbitrary code may be executed on the instructor's...

7.4CVSS7.1AI score0.00219EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/15 12:0 a.m.•15 views

JVN#58721679: SHIRASAGI vulnerable to path traversal

SHIRASAGI provided by SHIRASAGI Project processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability CWE-22. Impact When processing crafted HTTP requests, arbitrary files on the server may be retrieved. Solution Update the software Update the software to the latest...

8.6CVSS7.6AI score0.01016EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/30 12:0 a.m.•15 views

JVN#42445661: Multiple vulnerabilities in Smart-tab

Smart-tab provided by TECHNO SUPPORT COMPANY is a multi-functional guest room tablet system for hotels and other accommodation facilities. Smart-tab contains multiple vulnerabilities listed below. Active debug code CWE-489 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 6.8 CVE-2024-41999...

6.8CVSS5.5AI score0.00261EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/26 12:0 a.m.•15 views

JVN#02030803: ORC vulnerable to stack-based buffer overflow

ORC provided by GStreamer is typically used when developing GStreamer plugins. Stack-based buffer overflow vulnerability CWE-121 exists in orcparse.c of ORC. Impact If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on t...

7CVSS7AI score0.00379EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/17 6:21 a.m.•15 views

Multiple vulnerabilities in Toshiba Tec and Oki Electric Industry MFPs

Overview MFPs multifunction printers provided by Toshiba Tec Corporation and Oki Electric Industry Co., Ltd. contain multiple vulnerabilities listed below. Improper Restriction of Recursive Entity References in DTDs 'XML Entity Expansion' CWE-776 - CVE-2024-27141, CVE-2024-27142 Execution with...

9.8CVSS7.5AI score0.26811EPSS
Exploits2References65
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/30 12:0 a.m.•15 views

JVN#80506242: awkblog vulnerable to OS command injection

awkblog provided by Keisuke Nakayama contains an OS command injection vulnerability CWE-78. Impact If a remote unauthenticated attacker sends a specially crafted HTTP request, an arbitrary OS command may be executed with the privileges of the affected product on the machine running the product...

9.8CVSS9.7AI score0.01571EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/16 12:0 a.m.•15 views

JVN#58574030: Scanning evasion issue in Cisco Secure Email Gateway

Cisco Secure Email Gateway provides anti-virus scanning facility for e-mail attachments. It was reported that a certain crafted file can evade anti-virus scanning facility. Impact Some malicious contents may evade the scanning facility of the affected product and reach victim recipients. Solution...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/07 12:0 a.m.•15 views

JVN#20786316: Cryptography API: Next Generation (CNG) vulnerable to denial-of-service (DoS)

Cryptography API: Next Generation CNG contains an issue in BCryptDecrypt, which may result in a denial-of-service DoS. Impact If CNG processes a specially crafted key data, the product may be terminated abnormally. Solution Upgrade Windows According to the developer, CNG included in Windows 8 and...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/30 12:0 a.m.•15 views

JVN#48135658: Multiple routers contain issue in preventing clickjacking attacks

Multiple router products contain an issue in the protection against clickjacking attacks. Impact If a user views a malicious page while logged in, unintended operations may be conducted. Solution Apply a solution Solutions vary depending on the product. Apply the appropriate solution according to...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/03/13 4:39 a.m.•15 views

Redmine vulnerable to cross-site scripting

Overview Redmine contains a cross-site scripting vulnerability. Redmine is a project management software. Redmine contains a cross-site scripting vulnerability. Kousuke Ebihara reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

4.3CVSS6AI score0.01822EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/08/19 12:0 a.m.•15 views

JVN#06924191: Microsoft Windows XP vulnerable to denial-of-service (DoS)

Microsoft Windows XP contains an issue when processing TCP packets, which may result in a denial-of-service DoS. Impact An attacker that can view the TCP communication of its target may cause a denial-of-service DoS. Solution Apply a workaround The following workaround may mitigate the affects of...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/08 12:0 a.m.•15 views

JVN#51325625: Internet Explorer vulnerable to cross-site scripting

Microsoft Internet Explorer contains a vulnerability in handling specific EUC-JP encoded characters, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Upgrade the Software Upgrade to the latest version according to the...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/05 7:56 a.m.•15 views

XnView may insecurely load executable files

Overview XnView may use unsafe methods for determining how to load executables .exe XnView is a software for viewing and converting graphic files. XnView loads certain executables when using the "Open containing folder" function. XnView contains an issue with the file search path, which may...

6.9CVSS7.5AI score0.00344EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/07/24 12:0 a.m.•15 views

JVN#29852698 Cross-site scripting vulnerability in RevoCounter CGI (Animation Counter)

RevoCounter CGI Animation Counter from futomi's CGI Cafe is a software that displays an animated counter on a webpage. RevoCounter CGI Animation Counter contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Softwar...

6.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/03/16 12:0 a.m.•15 views

JVN#23558374 Cross-site scripting vulnerability in Access Analyzer CGI Standard Version (Ver. 3.x)

Access Analyzer CGI Standard Version provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI Standard Version Ver. 3.x contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the...

6.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/01/08 12:0 a.m.•15 views

JVN#71945722 Movable Type Enterprise cross-site scripting vulnerability

Movable Type Enterprise, a web log system from Six Apart KK for business users, contains a cross-site scripting vulnerability. This vulnerability is different from JVN02216739. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest...

6.5AI score
Exploits0
Total number of security vulnerabilities5000