5625 matches found
JVN#40523785: Mini Thread vulnerable to cross-site scripting
Mini Thread provided by Flash CGI according to the original report submitted by the reporter is a CGI script for creating a bulletin board system BBS. Mini Thread contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user...
JVN#24343509: WebSphere Application Server (WAS) vulnerable to cross-site scripting
WebSphere Application Server WAS provided by IBM contains a vulnerability in SnoopServlet, which may result in a cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Apply a patch Apply the patch according to the information provided by the develope...
JVN#23108985: Multiple Cybozu products vulnerable to cross-site scripting
Multiple products groupware etc. provided by Cybozu, Inc. contain a cross-site scripting vulnerablility. This vulnerability is different from JVN50342989, and JVN90712589. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest versi...
JVN#84396512 SugarCRM vulnerable to cross-site scripting
SugarCRM is a customer relationship management CRM software. SugarCRM contains a cross-site scripting vulnerability. Impact If a user views a malicious page and clicks the print icon while logged in, an arbitrary script may be executed on the user's web browser. Solution Update the Software Updat...
JVN#39157969 Third-party cookie issue in Opera
Opera contains an issue in which third-party cookies are not handled properly. Please note that this issue only occurs when the user changes the setting for "Accept only cookies from the site I visit" from the default installation of Opera. Impact A remote attacker may be able to trace an user's...
JVN#59748723 MySQL Connector/J vulnerable to SQL injection
MySQL Connector/J from Sun Microsystems is a software that provides access to a MySQL database for client applications written in Java. MySQL Connector/J contains a SQL injection vulnerability. Impact A remote attacker could obtain and modify contents in the database. Solution Update the Software...
JVN#73653977 Sun GlassFish Enterprise Server and Sun Java System Application Server vulnerable to cross-site scripting
Sun GlassFish Enterprise Server and Sun Java System Application Server are application servers from Sun Microsystems. Sun GlassFish Enterprise Server and Sun Java System Application Server contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web...
JVN#21563357 Mozilla Firefox cross-site scripting vulnerability
Mozilla Firefox does not properly handle certain HTML documents in ShiftJIS encoding. According to MFSA 2008-13, this flaw could potentially be used to evade web-site input filters and result in a XSS attack hazard. Impact An arbitrary script may be executed on the user's web browser. Solution...
JVN#08237857 Multiple JustSystems products vulnerable to buffer overflow
Multiple JustSystems products contain a vulnerability which allows a remote attacker to cause buffer overflow when a user opens or views a specially crafted .jtd file. Impact If a user opens a specially crafted .jtd file or views a web page containing a specially crafted .jtd file, arbitrary code...
JVN#50342989 Multiple Cybozu products vulnerable to cross-site scripting
Multiple Cybozu products are vulnerable to cross-site scripting. This vulnerability is different from JVN90712589. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest updates provided by the vendor. Products Affected Cybozu Office 6....
JVN#55833292 FileMaker cross-site scripting vulnerability
FileMaker is database software from FileMaker, Inc. FileMaker contains a cross-site scripting vulnerability in its "Instant Web Publishing" function that enables users to publish database contents on the web. Impact An attacker could execute an arbitrary script on the web browser of a user who...
JVN#29211062 Ichitaro series buffer overflow vulnerability
The "Ichitaro" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user opens a specially crafted jtd file or views it on a web browser, an attacker could execute arbitrary code with the privileges of the user. Impact An attacker could...
JVN#43091983 Fulltext search CGI from futomi's CGI Cafe vulnerable to cross-site scripting
Fulltext search CGI, website search software from futomi's CGI Cafe, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest updates provided by the vendor. Products Affected Ver 1.1.0 and...
JVN#19240523 HP System Management Homepage cross-site scripting vulnerability
HP System Management Homepage SMH from Hewlett-Packard is a web-based interface that can manage HP servers. A cross-site scripting vulnerability exists in SMH. It is also confirmed that Compaq System Management Homepage, the product previous to SMH, contains a similar cross-site scripting...
JVN#06735665 Canon Network Camera Server VB100 Series vulnerable to cross-site scripting
Impact An arbitrary script may be executed in the camera server management screen. Solution Products Affected VB100 and VB101 firmware Ver. 3.0 Rev.69 and earlier VB150 firmware Ver. 1.1 Rev.39 and earlier...
JVN#95249468 Fresh Reader RSS feed cross-site scripting vulnerability
Impact An arbitrary script could be executed on the web browser of a Fresh Reader user. Solution Products Affected Fresh Reader Ver 1.0.06053100 and earlier For more information, refer to the vendor's website...
JVN#31125599 Cybozu Office 6 information disclosure vulnerability
Impact A remote attacker could obtain information on registered users and groups. Solution Products Affected Cybozu Office 6 6.51.2 and earlier...
JVN#27428836 04WebServer directory traversal vulnerability
Impact A remote attacker could bypass a user authentication and view server files. Solution Products Affected v1.83 and earlier...
JVN#39570254 CGI RESCUE WebFORM allows unauthorized email transmission
Impact A remote attacker may send emails to arbitrary addresses. Solution Products Affected WebFORM 4.1 and earlier According to the vendor's information, FORM2MAIL also contains a similar vulnerability, and the fixed version of FORM2MAIL is available...
JVN#62734622 Mozilla Firefox vulnerable to HTTP response splitting
Impact If an user accesses a malicious web page, an attacker could inject scripts into HTTP responses from the other domains. Solution Products Affected Mozilla Firefox 1.5.0.3 and earlier...
JVN#10222000 QUICK CART OS command injection vulnerability
Impact A remote attacker could execute arbitrary operating system commands on a server running QUICK CART. Solution Products Affected QUICK CART Ver 1 QUICK CART Ver 2 QUICK CART Free QUICK CART Pro QUICK CART Plugin for Movable Type 3.2...
JVN#97422426 Hyper NIKKI System cross-site request forgery vulnerability
Impact If a weblog administrator accesses a malicious web page, an attacker could add, alter, or delete the weblog text. If the weblog text is successfully altered, the attacker could perform a cross-site scripting attack to steal cookie information of weblog readers including weblog administrato...
JVN#93926203 Java Cryptography Extension 1.2.1 (JCE 1.2.1) will no longer function properly after July 28, 2005 due to the expiration of its digital certificate
Impact Problems, such as that a Java application using JCE 1.2.1 does not start, may occur after 6:43 JST on July 28, 2005. Java applications using JCE 1.2.1 may not start after 6:43 JST, +0900 on July 28, 2005. Solution Products Affected Java applications using Sun's JCE 1.2.1...
JVN#74012178 Movable Type session management vulnerability
Impact A remote attacker could freely manipulate a web log by posting or deleting blog entries. Solution Products Affected Movable Type 3.151-ja and earlier...
Multiple TP-Link products vulnerable to cleartext transmission of sensitive information
Overview Multiple TP-Link products provided by TP-Link Systems Inc. contain the following vulnerability. Cleartext transmission of sensitive information CWE-319 - CVE-2026-34126 eyegrep and izurina of L Plus LLC reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Jupyter Server vulnerable to open redirect
Overview Jupyter Server provided by Jupyter Development Team contains the vulnerability listed below. Open redirect CWE-601 - CVE-2025-61669 Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA and the developer. JPCERT/CC coordinated with the developer to publish t...
NEC Aterm series vulnerable to OS command injection (NV26-003)
Overview NEC Aterm series products provided by NEC Corporation contain the following vulnerability. OS command injection CWE-78 - CVE-2026-8652 So Kato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
WPS Office improper access restriction to its named pipe
Overview WPS Office provided by WPS SOFTWARE PTE. LTD. contains a service program running background and providing certain functionalities to the other programs. This service program uses a named pipe to communicate with the other programs. The named pipe above is not properly protected and any...
JVN#75211379: Western Digital Kitfox registers a Windows service with an unquoted file path
Western Digital Kitfox for Windows provided by Western Digital Corporation contains the following vulnerability. Unquoted search path or element CWE-428 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 6.7...
JVN#20474768: Reflected cross-site scripting vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor
Web Image Monitor provided by Ricoh Company, Ltd. is an web server included and runs in laser printers and MFPs multifunction printers. Web Image Monitor contains the vulnerability listed below. Reflected cross-site scripting CWE-79 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N...
JVN#87266215: WordPress plugin "Welcart e-Commerce" vulnerable to untrusted data deserialization
WordPress plugin "Welcart e-Commerce" provided by Welcart Inc. contains an untrusted data deserialization vulnerability CWE-502. Impact Arbitrary code may be executed by a remote unauthenticated attacker who can access websites created using the product. Solution Update the plugin Update the plug...
JVN#26024080: Multiple vulnerabilities in The LuxCal Web Calendar
The LuxCal Web Calendar provided by LuxSoft contains multiple vulnerabilities listed below. SQL injection in pdf.php CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Base Score 7.3 CVE-2025-25221 SQL injection in retrieve.php CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Base Score 7.3...
JVN#57428125: PLANEX COMMUNICATIONS MZK-DP300N vulnerable to cross-site scripting
MZK-DP300N, wireless LAN router provided by PLANEX COMMUNICATIONS INC., contains a cross-site scripting vulnerability CWE-79. Impact If an attacker logs in to the affected product and manipulates the device settings, an arbitrary script may be executed on the logged-in user's web browser when...
JVN#87770340: Stack-based buffer overflow vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor
Web Image Monitor provided by Ricoh Company, Ltd. is an web server included and runs in laser printers and MFPs multifunction printers. Web Image Monitor contains a stack-based buffer overflow vulnerability CWE-121 due to inappropriate parsing process of HTTP request. Impact Receiving a specially...
JVN#57285747: N-LINE vulnerable to HTML injection
N-LINE provided by NEUMANN CO.LTD. is an online learning management system for driving schools. N-LINE processes inputs with insufficient check CWE-94, and malicious inputs from an student's device may badly impact the instructor's screen. Impact Arbitrary code may be executed on the instructor's...
JVN#58721679: SHIRASAGI vulnerable to path traversal
SHIRASAGI provided by SHIRASAGI Project processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability CWE-22. Impact When processing crafted HTTP requests, arbitrary files on the server may be retrieved. Solution Update the software Update the software to the latest...
JVN#42445661: Multiple vulnerabilities in Smart-tab
Smart-tab provided by TECHNO SUPPORT COMPANY is a multi-functional guest room tablet system for hotels and other accommodation facilities. Smart-tab contains multiple vulnerabilities listed below. Active debug code CWE-489 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 6.8 CVE-2024-41999...
JVN#02030803: ORC vulnerable to stack-based buffer overflow
ORC provided by GStreamer is typically used when developing GStreamer plugins. Stack-based buffer overflow vulnerability CWE-121 exists in orcparse.c of ORC. Impact If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on t...
Multiple vulnerabilities in Toshiba Tec and Oki Electric Industry MFPs
Overview MFPs multifunction printers provided by Toshiba Tec Corporation and Oki Electric Industry Co., Ltd. contain multiple vulnerabilities listed below. Improper Restriction of Recursive Entity References in DTDs 'XML Entity Expansion' CWE-776 - CVE-2024-27141, CVE-2024-27142 Execution with...
JVN#80506242: awkblog vulnerable to OS command injection
awkblog provided by Keisuke Nakayama contains an OS command injection vulnerability CWE-78. Impact If a remote unauthenticated attacker sends a specially crafted HTTP request, an arbitrary OS command may be executed with the privileges of the affected product on the machine running the product...
JVN#58574030: Scanning evasion issue in Cisco Secure Email Gateway
Cisco Secure Email Gateway provides anti-virus scanning facility for e-mail attachments. It was reported that a certain crafted file can evade anti-virus scanning facility. Impact Some malicious contents may evade the scanning facility of the affected product and reach victim recipients. Solution...
JVN#20786316: Cryptography API: Next Generation (CNG) vulnerable to denial-of-service (DoS)
Cryptography API: Next Generation CNG contains an issue in BCryptDecrypt, which may result in a denial-of-service DoS. Impact If CNG processes a specially crafted key data, the product may be terminated abnormally. Solution Upgrade Windows According to the developer, CNG included in Windows 8 and...
JVN#48135658: Multiple routers contain issue in preventing clickjacking attacks
Multiple router products contain an issue in the protection against clickjacking attacks. Impact If a user views a malicious page while logged in, unintended operations may be conducted. Solution Apply a solution Solutions vary depending on the product. Apply the appropriate solution according to...
Redmine vulnerable to cross-site scripting
Overview Redmine contains a cross-site scripting vulnerability. Redmine is a project management software. Redmine contains a cross-site scripting vulnerability. Kousuke Ebihara reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#06924191: Microsoft Windows XP vulnerable to denial-of-service (DoS)
Microsoft Windows XP contains an issue when processing TCP packets, which may result in a denial-of-service DoS. Impact An attacker that can view the TCP communication of its target may cause a denial-of-service DoS. Solution Apply a workaround The following workaround may mitigate the affects of...
JVN#51325625: Internet Explorer vulnerable to cross-site scripting
Microsoft Internet Explorer contains a vulnerability in handling specific EUC-JP encoded characters, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Upgrade the Software Upgrade to the latest version according to the...
XnView may insecurely load executable files
Overview XnView may use unsafe methods for determining how to load executables .exe XnView is a software for viewing and converting graphic files. XnView loads certain executables when using the "Open containing folder" function. XnView contains an issue with the file search path, which may...
JVN#29852698 Cross-site scripting vulnerability in RevoCounter CGI (Animation Counter)
RevoCounter CGI Animation Counter from futomi's CGI Cafe is a software that displays an animated counter on a webpage. RevoCounter CGI Animation Counter contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Softwar...
JVN#23558374 Cross-site scripting vulnerability in Access Analyzer CGI Standard Version (Ver. 3.x)
Access Analyzer CGI Standard Version provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI Standard Version Ver. 3.x contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the...
JVN#71945722 Movable Type Enterprise cross-site scripting vulnerability
Movable Type Enterprise, a web log system from Six Apart KK for business users, contains a cross-site scripting vulnerability. This vulnerability is different from JVN02216739. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest...