Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/11/20 12:0 a.m.•11 views

JVN#16114985: "Kura Sushi Official App Produced by EPARK" for Android uses a hard-coded cryptographic key

"Kura Sushi Official App Produced by EPARK" for Android provided by EPARK, Inc. uses a hard-coded cryptographic key CWE-321. Impact An attacker may obtain the login ID and password for the affected product. Solution Update the application Update the application to the latest version according to...

4CVSS7AI score0.00152EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/27 12:0 a.m.•11 views

JVN#21176842: MF Teacher Performance Management System vulnerable to cross-site scripting

MF Teacher Performance Management System provided by Media Fusion Co.,Ltd. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who accessed the website using the product. Solution Apply the Patch The developer has release...

6.1CVSS6.4AI score0.00243EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/06 12:0 a.m.•11 views

JVN#49873988: Secure Boot bypass Vulnerability in PRIMERGY

PRIMERGY is an IA server provided by Fsas Technologies Inc. PRIMERGY contains a vulnerability where Secure Boot function is bypassed. This is due to a vulnerability called "PKFail" CVE-2024-8105, which was publicly disclosed by Binarly. Impact The product's Secure Boot function may be bypassed an...

6.4CVSS6.3AI score0.0024EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/03/03 8:50 a.m.•11 views

Multiple vulnerabilities in OpenBlocks IoT VX2

Overview OpenBlocks IoT VX2 provided by Plat'Home Co., Ltd. contains multiple vulnerabilities. Masahiro Murashima and Genta Kataoka of IERAE SECURITY INC. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

8.8CVSS7.3AI score0.00855EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/11/13 4:59 a.m.•11 views

Movable Type vulnerable to open redirect

Overview Movable Type provided by Six Apart Ltd. contains an open redirect vulnerability CWE-601. Hidetomo Hosono of EG Secure Solutions Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When accessing a...

6.1CVSS6.6AI score0.00851EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/05 12:0 a.m.•11 views

JVN#09470233: Android stock browser vulnerable to denial-of-service (DoS)

The Android stock browser contains a denial-of-service DoS vulnerability. Impact When receiving a specially crafted packet, the Android stock browser may crash. Solution Do not use Android stock browser If using an affected version of the Android stock browser, it is recommended to use another...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/04/09 4:59 a.m.•11 views

Lhaplus vulnerable to remote code execution

Overview Lhaplus is a file compression/decompression software. Lhaplus contains a remote code execution vulnerability. Masato Kinugawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Decompressing a speciall...

6.8CVSS8.3AI score0.02758EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/15 12:0 a.m.•11 views

JVN#72586781: ASP.NET vulnerable to cross-site scripting

ASP.NET contains an issue in the escape processes for string output. Web applications that use ASP.NET may contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the...

6.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/08/31 12:0 a.m.•11 views

JVN#20452446 Shopping Basket Pro directory traversal vulnerability

Shopping Basket Pro from CGI RESCUE is shopping cart software. A directory traversal vulnerability exists in Shopping Basket Pro. Impact A remote attacker could obtain a list of the file and directory names on the server where Shopping Basket Pro is installed. Solution Update the Software Apply t...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/03/13 12:0 a.m.•11 views

JVN#91706484 Trac cross-site scripting vulnerability

Impact A remote attacker could possibly execute an arbitrary script on the user's IE where the user views a Trac wiki content. Solution Products Affected trac 0.10.3 and earlier versions trac-0.10.3-ja-1 and earlier versions...

7.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/12/08 12:0 a.m.•11 views

JVN#34830904 Shobo Shobo Nikki System (sns) cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Also, the administrator's password could be disclosed if cookie information is leaked. Solution Products Affected sns 3.11 and earlier...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/10/12 12:0 a.m.•11 views

JVN#41241092 Kmail CGI authentication bypass vulnerability

Impact A remote attacker may bypass Kmail CGI's user authentication, and view or delete the emails of Kmail users. Solution Products Affected Version 1.0.3 and earlier...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/08/31 12:0 a.m.•11 views

JVN#99776858 Multiple vulnerabilities in Webmin and Usermin

Impact A remote attacker could conduct the followings: Steal Webmin and Usermin's configuration information Execute an arbitrary script on the user's web browser Possibly conduct a session hijack attack if session information from a cookie is leaked Solution Products Affected Webmin 1.290 and...

7.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/08/14 12:0 a.m.•11 views

JVN#51301450 NetCommons cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. As a result, a remote attacker could forge the web page contents. Solution Products Affected NetCommons 1.0.8 and earlier...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/07/18 12:0 a.m.•11 views

JVN#81108784 Geeklog cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected Geeklog 1.4.0sr4 and earlier Geeklog 1.3.11sr6 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/07/18 12:0 a.m.•11 views

JVN#62307185 QwikiWiki cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. User credentials could be leaked as a result. Solution Products Affected QwikiWiki version 1.5.5 and earlier...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/07/11 12:0 a.m.•11 views

JVN#13947696 Ruby contains a vulnerability that prevents safe level 4 from functioning as a sandbox.

Impact An attacker may be able to bypass the security model of a server application and change the status of a untained object. Solution Products Affected Ruby 1.8.4-20060516 and earlier Snapshot versions As a workaround, we recommend that users update to the latest Ruby 1.8.4 snapshot version...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2005/10/28 12:0 a.m.•11 views

JVN#18282718 Hyper Estraier directory traversal/denial of service vulnerability

Impact If a remote attacker sends a specially crafted file and a user saves it in a search target directory, the attacker could register a file not to be searched in an index when the user creats an index, or cause a denial of service. Solution Products Affected Versions earlier than Hyper Estrai...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/05/27 6:9 a.m.•10 views

Vulnerability in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer and Hitachi Ops Center Analyzer viewpoint

Overview Vulnerability has been found in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer and Hitachi Ops Center Analyzer viewpoint. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' sectio...

4.6CVSS5.7AI score0.00175EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/05/21 8:22 a.m.•10 views

Android App "RoboForm Password Manager" insufficient validation of Android intents

Overview Android App "RoboForm Password Manager" provided by Siber Systems, Inc. accepts intents from other applications to open relevant web pages e.g., login pages, but without sufficient URL validation, user confirmation nor notification. Insufficient UI Warning of Dangerous Operations CWE-357...

4.6CVSS5.8AI score0.00132EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/21 6:27 a.m.•10 views

Multiple vulnerabilities in silex technology SD-330AC and AMC Manager

Overview SD-330AC and AMC Manager provided by silex technology, Inc. contain multiple vulnerabilities listed below. Stack-based buffer overflow in processing the redirect URLs CWE-121 - CVE-2026-32955 Heap-based buffer overflow in processing the redirect URLs CWE-122 - CVE-2026-32956 Missing...

9.8CVSS6.9AI score0.40002EPSS
Exploits1References27
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/20 5:47 a.m.•10 views

SKYSEA Client View and SKYMEC IT Manager improper file access permission settings

Overview SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. are Enterprise IT Asset Management Tools. SKYSEA Client View and SKYMEC IT Manager contain the following vulnerability. Incorrect default permissions in the installation folder CWE-276 - CVE-2026-39454 Takashi Matsumoto of...

8.5CVSS7.7AI score0.00112EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/27 9:18 a.m.•10 views

Vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer

Overview Vulnerability exists in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...

8.2CVSS5.9AI score0.00174EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/02/17 11:46 a.m.•10 views

Multiple Vulnerabilities in Cosminexus HTTP Server

Overview Multiple vulnerabilities have been found in Cosminexus HTTP Server. CVE-2025-49630, CVE-2025-53020 These vulnerabilities does not apply if HTTP/2 protocol is disabled. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the...

7.5CVSS5.6AI score0.04409EPSS
Exploits1References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/01/29 1:32 a.m.•10 views

Multiple Vulnerabilities in Cosminexus

Overview Multiple vulnerabilities exist in Cosminexus Component Container. CVE-2025-48988, CVE-2025-48976 Affected products and versions are listed below. Please upgrade your version to the appropriate version. These vulnerabilities exist in Cosminexus Component Container which is a component...

7.5CVSS7AI score0.64718EPSS
Exploits1References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/09/05 12:0 a.m.•10 views

JVN#41633999: Obsidian GitHub Copilot Plugin stores sensitive information in cleartext

Obsidian GitHub Copilot Plugin provided by Pierre-Adrien Vasseur is vulnerable to the following vulnerability. Cleartext storage of sensitive information CWE-312 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L Base Score 5.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L Base Score...

6.8CVSS6.5AI score0.00094EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/08/05 2:29 a.m.•10 views

Out-of-bounds write vulnerability in FUJIFILM Business Innovation MFPs

Overview Multiple MFPs multifunction printers provided by FUJIFILM Business Innovation Corp. contain the following vulnerability. Out-of-bounds Write CWE-787 - CVE-2025-48499 Jia-Ju Bai, Rui-Nan Hu, Dong Zhang, and Zhen-Yu Guan of School of Cyber Science and Technology of Beihang University...

6.9CVSS6.6AI score0.00297EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/07/07 12:0 a.m.•10 views

JVN#88251376: Multiple vulnerabilities in Nimesa Backup and Recovery

Nimesa Backup and Recovery provided by Nimesa contains multiple vulnerabilities listed below. OS command injection CWE-78 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 9.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8 CVE-2025-48501 Server-side request...

9.8CVSS8.7AI score0.01307EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/06/03 12:0 a.m.•10 views

JVN#05562338: Improper file access permission settings in PC Time Tracer

PC Time Tracer provided by Keiyo System Co., LTD contains a vulnerability listed below. Incorrect default permissions CWE-276 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Base Score 7.3 CVE-2025-46355 Impact Arbitrary...

7.3CVSS6.8AI score0.00139EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/05/16 5:32 a.m.•10 views

Multiple vulnerabilities in V-SFT

Overview V-SFT provided by FUJI ELECTRIC CO., LTD. contains multiple vulnerabilities listed below. Free of Pointer not at Start of Buffer in VS6EditData.dll!CWinFontInf::WinFontMsgCheck function CWE-761 CVE-2025-47749 Out-of-bounds Write in VS6MemInIF!settemptypedefault function CWE-787...

8.4CVSS7.1AI score0.00211EPSS
Exploits0References18
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/03/18 12:0 a.m.•10 views

JVN#11230428: +F FS010M vulnerable to OS command injection

+F FS010M provided by FUJI SOFT INCORPORATED contains multiple OS command injection vulnerabilities listed below. OS command injection CWE-78 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2 CVE-2025-24306 OS command injection CWE-78 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base...

8.8CVSS7.3AI score0.01011EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/19 12:0 a.m.•10 views

JVN#48742353: Multiple cross-site scripting vulnerabilities in Movable Type

Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in the custom block edit page of MT Block Editor CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4 CVE-2025-22888 Stored cross-si...

6.1CVSS6.8AI score0.00238EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/12/16 12:0 a.m.•10 views

JVN#61635834: Multiple vulnerabilities in SHARP routers

SHARP routers contain multiple vulnerabilities listed below. OS command injection vulnerability in the HOST name configuration screen CWE-78 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2 CVE-2024-45721 The hidden debug function is enabled CWE-489...

9.8CVSS8.4AI score0.01187EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/12/16 12:0 a.m.•10 views

JVN#08430039: "Shonen Jump+" App for Android fails to restrict custom URL schemes properly

"Shonen Jump+" App for Android provided by SHUEISHA INC. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a use...

3.3CVSS7AI score0.00161EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/11/06 2:0 a.m.•10 views

Trend Micro Deep Security 20 Agent for Windows vulnerable to improper access control

Overview Trend Micro Incorporated has released a security update for Deep Security 20 Agent for Windows to fix a improper access control vulnerability CVE-2024-48903. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact A...

7.8CVSS6.6AI score0.00745EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/28 12:0 a.m.•10 views

JVN#78335885: Chatwork Desktop Application (Windows) uses a potentially dangerous function

Chatwork Desktop Application Windows provided by kubell Co., Ltd. contains an issue with use of potentially dangerous function CWE-676, which allows a user to access an external website via a link in the application. Impact If a user clicks a specially crafted link in the application, an arbitrar...

5.5CVSS7AI score0.00251EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/18 12:0 a.m.•10 views

JVN#19766555: Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce"

WordPress plugin "Welcart e-Commerce" provided by Welcart Inc. contains multiple vulnerabilities listed below. SQL injection CWE-89 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 8.8 CVE-2024-42404 Cross-site scripting CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score 6.1...

8.8CVSS8.9AI score0.00482EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/03/11 5:53 a.m.•10 views

Installer of MagicConnect Client program may insecurely load Dynamic Link Libraries

Overview Installer of MagicConnect Client program provided by NTT TechnoCross Corporation contains a vulnerability which may lead to insecurely loading Dynamic Link Libraries CWE-427 when a terminal is connected remotely using Remote desktop. Yuji Tounai of Mitsui Bussan Secure Directions, Inc...

7.8CVSS7AI score0.00915EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/03/05 8:3 a.m.•10 views

The installers of E START products may insecurely load Dynamic Link Libraries

Overview The installers of E START products by GMO INSIGHT Inc. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries in the folder specified by the TEMP environment variable or where the installer resides CWE-427, CVE-2015-9267, and CVE-2015-9268...

9.3CVSS7.1AI score0.01525EPSS
Exploits2References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/06 4:41 a.m.•10 views

WordPress plugin "Shortcodes Ultimate" vulnerable to directory traversal

Overview The WordPress plugin "Shortcodes Ultimate" contains a directory traversal vulnerability CWE-22 in the Examples page. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Arbitrary local files o...

5CVSS6.3AI score0.02571EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/20 12:0 a.m.•10 views

JVN#92395431: Java (OGNL) code execution in Apache Struts 2 when devMode is enabled

Apache Struts 2 provided by the Apache Software Foundation is a software framework for creating Java web applications. There is a known risk that arbitrary Java OGNL code may be executed in Apache Struts 2 when devMode is enabled in production environment. It is confirmed that proof-of-concept co...

7.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/07/22 12:0 a.m.•10 views

JVN#06212291: Android OS Contacts app fails to restrict access permissions

The Contacts app within the Android OS receives requests for outgoing calls through Intents and calls the Dialer app. The Contacts app contains a vulnerability where it fails to restrict access permissions, since it receives and processes Intents from apps without CALLPHONE permissions. Impact Wh...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/27 4:28 a.m.•10 views

ManageEngine Firewall Analyzer vulnerable to directory traversal

Overview ManageEngine Firewall Analyzer provided by Zoho Corporation is a log analytics and configuration management software for network security devices. ManageEngine Firewall Analyzer contains a directory traversal vulnerability. Mukai Akihito and Hasegawa Tomoshige reported this vulnerability...

6.5CVSS6.6AI score0.10631EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/07/25 5:44 a.m.•10 views

Arbitrary program execution vulnerability in TrendLink ActiveX control

Overview TrendLink provided by Canary Labs is a tool to help visualize data for analysis. The SaveToFile method provided in the ActiveX control in TrendLink contains a vulnerability where file creation is not properly restricted. Security Research and Service Institute - Information and...

8.5CVSS7.2AI score0.0129EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/12/20 6:4 a.m.•10 views

Opera Mini / Opera Mobile for Android vulnerable in the WebView class

Overview Opera Mini and Opera Mobile for Android contain a vulnerability in the WebView class. Opera Mini and Opera Mobile are web browsers for mobile devices. Opera Mini and Opera Mobile for Android contain a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions,...

4.3CVSS6.5AI score0.00893EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/10/31 12:0 a.m.•10 views

JVN#75345069: Mac OS X OpenSSH vulnerable to denial-of-service (DoS)

The OpenSSH implementation in Mac OS X is vulnerable to denial-of-service. Impact A remote attacker may cause a denial-of-service. Solution Update the software Update to the latest version according to the information provided by the developer. According to the developer, versions Mac OS X 10.6 a...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/03/12 12:0 a.m.•10 views

JVN#79114735 Google Desktop cross-site scripting vulnerability

Google Desktop, software for searching information on local computers, contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the web browser of a user who uses Google Desktop. Solution According to the vendor, this vulnerability has been fixed in Google...

6.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/12/12 12:0 a.m.•10 views

JVN#23120863 Rainboard cross-site scripting vulnerability

The Rainboard bulletin board software provided by UDON is vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the developer. Products Affected Rainboard 2.02 and earlier...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2007/01/17 12:0 a.m.•10 views

JVN#13939411 Drupal cross-site scripting vulnerability

Impact An arbitrary script could be executed on the browser of the user who logged into Drupal. In addition, if session information from a cookie is leaked, a remote attacker could possibly conduct session hijacking. Solution Products Affected Drupal 4.6.10 and earlier Drupal 4.7.4 and earlier...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/11/27 12:0 a.m.•10 views

JVN#47223461 tDiary cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected 2.0.2 stable and earlier 2.1.4.20061115 developer version and earlier...

7.2AI score
Exploits0
Total number of security vulnerabilities5000