Lucene search
K
JvnMost viewed

5627 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/04/14 5:9 a.m.•6 views

Multiple installers of Toshiba memory card related software may insecurely load Dynamic Link Libraries

Overview Multiple installers of Toshiba memory card related software contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the...

9.3CVSS7AI score0.0299EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/04/14 4:55 a.m.•6 views

WN-AC1167GR vulnerable to cross-site scripting

Overview WN-AC1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AC1167GR contains a stored cross-site scripting vulnerability CWE-79. Satoshi Ogawa of Mitsui Bussan Secure Directions,Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

5.4CVSS5.9AI score0.00891EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/04/10 4:47 a.m.•6 views

CS-Cart Japanese Edition fails to restrict access permissions

Overview CS-Cart is a system for creating online shopping websites. CS-Cart Japanese Edition fails to restrict access permissions CWE-425. Note that this vulnerability is different from JVN14396697. Hirota Kazuki of Mitsui Bussan Secure Directions,Inc. reported this vulnerability to IPA. JPCERT/C...

5.3CVSS6.8AI score0.01174EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/13 4:42 a.m.•6 views

Cybozu KUNAI for Android information management vulnerability

Overview Cybozu KUNAI for Android is a mobile client software for using Cybozu from an Android device. Cybozu KUNAI for Android provides a function to output log information when synchronizing data with Cybozu, however the function is disabled by default. Cybozu KUNAI for Android contains an issu...

2.6CVSS6.5AI score0.01052EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/02/20 6:38 a.m.•6 views

Cybozu Garoon fails to restrict access permission in the Phone Messages function

Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in the Phone Messages function Yuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC...

4.3CVSS6.5AI score0.01206EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/22 5:26 a.m.•6 views

SKYSEA Client View vulnerable to arbitrary code execution

Overview SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View agent program contains an issue in processing authentication on the TCP communication with the management console program, which allows an attacker to execute an arbitrary code on t...

10CVSS7.8AI score0.1938EPSS
Exploits1References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/19 5:32 a.m.•6 views

Cybozu Garoon fails to restrict access permission in MultiReport filters

Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in MultiReport filters. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information...

4.3CVSS6.5AI score0.01056EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/07 5:44 a.m.•6 views

Sleipnir for Mac vulnerable to URL spoofing

Overview Sleipnir for Mac provided by Fenrir Inc. contains a URL spoofing vulnerability due to a flaw in the page transition. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.1CVSS6.5AI score0.00831EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/11/11 5:50 a.m.•6 views

CG-WLR300NX fails to restrict access permissions

Overview CG-WLR300NX provided by Corega Inc is a wireless LAN router. CG-WLR300NX fails to restrict access permissions. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

8.8CVSS6.6AI score0.00889EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/11/11 5:49 a.m.•6 views

CG-WLR300NX vulnerable to cross-site scripting

Overview CG-WLR300NX provided by Corega Inc is a wireless LAN router. CG-WLR300NX contains a cross-site scripting vulnerability CWE-79. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

4.8CVSS6AI score0.00765EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/11/11 5:45 a.m.•6 views

Multiple Corega wireless LAN routers vulnerable to cross-site scripting

Overview Multiple Corega wireless LAN routers contain a cross-site scripting vulnerability CWE-79. Yutaka Kokubu and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. and Shuya Ueki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

6.1CVSS6.2AI score0.01195EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/12 1:3 a.m.•6 views

Toshiba FlashAir does not require authentication in "Internet pass-thru Mode"

Overview FlashAir by Toshiba Corporation is a SDHC memory card which provides "Internet pass-thru Mode", allowing devices to access the internet while connecting to FlashAir. When configured in "Internet pass-thru Mode", FlashAir acts both as a station and as an access point. When "Internet...

5.4CVSS7.3AI score0.00711EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/07 6:4 a.m.•6 views

SetucoCMS vulnerable to cross-site request forgery

Overview SetucoCMS provided by SetucoCMS Project is a content management system CMS. SetucoCMS contains cross-site request forgery vulnerability. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. and Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer unde...

8.8CVSS6.7AI score0.00977EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/07 6:4 a.m.•6 views

SetucoCMS vulnerable to cross-site scripting

Overview SetucoCMS provided by SetucoCMS Project is a content management system CMS. SetucoCMS contains cross-site scripting vulnerability. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. and Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

6.1CVSS6.2AI score0.01278EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/07 6:4 a.m.•6 views

SetucoCMS vulnerable to SQL injection

Overview SetucoCMS provided by SetucoCMS Project is a content management system CMS. SetucoCMS contains an SQL injection vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning partnership. Impact An arbitrary...

8.8CVSS8AI score0.01559EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/07 6:4 a.m.•6 views

SetucoCMS vulnerable to session management

Overview SetucoCMS provided by SetucoCMS Project is a content management system CMS. SetucoCMS contains session management vulnerability. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

6.5CVSS6.7AI score0.01347EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/07 4:50 a.m.•6 views

Usermin cross-site scripting vulnerabilties

Overview Usermin is a web-based interface used to manage webmail. Usermin contains reflected cross-site scripting vulnerabilities in /filter/saveforward.cgi, /filter/save.cgi and /man/search.cgi. Toshinobu Honjo of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC...

6.1CVSS6.1AI score0.01114EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/03 6:43 a.m.•6 views

Breadcrumb trail in Cybozu Office vulnerable vulnerable to browse restriction bypass

Overview Cybozu Office provided by Cybozu,Inc. contains a browse restriction bypass vulnerability in the breadcrumb trail. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early...

4.3CVSS6.5AI score0.01366EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/03 6:43 a.m.•6 views

"Schedule" function in Cybozu Office vulnerable to cross-site scripting

Overview Cybozu Office provided by Cybozu,Inc. contains a cross-site scripting vulnerability. Kusano Kazuhiko reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated...

5.4CVSS6AI score0.00964EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/29 7:4 a.m.•6 views

baserCMS vulnerable to cross-site scripting

Overview baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS contains a stored cross-site scripting vulnerability. Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA. JPCERT/CC coordinated with the develop...

5.4CVSS5.8AI score0.00902EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/29 7:4 a.m.•6 views

baserCMS vulnerable to cross-site request forgery

Overview baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS contains a cross-site request forgery vulnerability. Norihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

8.8CVSS6.5AI score0.00944EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/29 7:4 a.m.•6 views

baserCMS plugin Mail vulnerable to cross-site request forgery

Overview baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Mail contain a cross-site request forgery vulnerability. Isao Takaesu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with t...

8.8CVSS6.5AI score0.00878EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/29 7:4 a.m.•6 views

baserCMS plugin Mail vulnerable to cross-site scripting

Overview baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Mail contain a stored cross-site scripting vulnerability. Isao Takaesu of Mitsui Bussan Secure Directions, Inc. and Norihiko Hirukawa of FiveDrive Inc. reported this...

5.4CVSS5.8AI score0.00897EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/29 7:4 a.m.•6 views

baserCMS vulnerable to cross-site request forgery

Overview baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS contains a cross-site request forgery vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

8.8CVSS6.9AI score0.00913EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/29 5:39 a.m.•6 views

ManageEngine ServiceDesk Plus uses an insecure method for cookie generation

Overview ManageEngine ServiceDesk Plus provided by Zoho Corporation is a help desk software. ManageEngine ServiceDesk Plus uses an insecure method for generating cookies. Akihito Mukai and Tomoshige Hasegawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

5.3CVSS6.7AI score0.03456EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/20 6:19 a.m.•6 views

Money Forward Apps for Android vulnerable in the WebView class

Overview Money Forward Apps for Android contain a vulnerability in the WebView class. Kenta Suefusa, Akinori Konishi and Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a us...

5.5CVSS6.5AI score0.01661EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/16 5:8 a.m.•6 views

Splunk Enterprise and Splunk Light vulnerable to open redirect

Overview Splunk Enterprise and Splunk Light contain an open redirect vulnerability. Note that this vulnerability is different from JVN64800312. Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

6.1CVSS6.6AI score0.00812EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/16 4:56 a.m.•6 views

Splunk Enterprise and Splunk Lite vulnerable to cross-site scripting

Overview Splunk Enterprise and Splunk Lite contain a stored cross-site scripting vulnerability CWE-79. Note that this vulnerability is different from JVN74244518. Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

4.8CVSS5.9AI score0.00976EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/14 6:0 a.m.•6 views

CS-Cart add-on "Twigmo" vulnerable to PHP object injection

Overview CS-Cart add-on "Twigmo" contains a PHP object injection vulnerability due to a flaw where untrusted input values are unserialized. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A remote...

8.8CVSS7.7AI score0.02071EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/22 6:16 a.m.•6 views

"New appointment" function in Cybozu Garoon vulnerable to cross-site scripting

Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. "New appointment" function in Cybozu Garoon contains a cross-site scripting vulnerability. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under...

6.1CVSS6AI score0.01077EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/22 6:16 a.m.•6 views

"Response request" function in Cybozu Garoon vulnerable to cross-site scripting

Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. "Response request" function in Cybozu Garoon contains a cross-site scripting vulnerability. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated unde...

6.1CVSS6AI score0.01152EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/18 5:24 a.m.•6 views

OSSEC Web UI vulnerable to cross-site scripting

Overview OSSEC Web UI is a web interface for use with Open Source HIDS Security OSSEC. OSSEC Web UI contains a cross-site scripting CWE-79 vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

6.1CVSS6.1AI score0.01286EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/04 4:41 a.m.•6 views

Coordinate Plus App fails to verify SSL server certificates

Overview Coordinate Plus App provided by Toshiba Corporation fails to verify SSL server certificates. Gaku Taniguchi of RiskFinder,inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle...

5.9CVSS6.5AI score0.0108EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/07/25 2:15 a.m.•6 views

EC-CUBE plugin "Coupon Plugin" vulnerable to SQL injection

Overview EC-CUBE plugin "Coupon Plugin" provided by Seed Inc. contains an SQL injection vulnerability CWE-89. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

9.8CVSS7.6AI score0.021EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/07/20 5:56 a.m.•6 views

Vtiger CRM does not properly restrict access to application data

Overview Vtiger CRM is a customer relationship management CRM software. Vtiger CRM contains a vulnerability where it does not properly restrict access to user information data. Hirota Kazuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with th...

8.1CVSS6.5AI score0.02207EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/27 4:48 a.m.•6 views

QNAP QTS vulnerable to cross-site scripting

Overview QNAP QTS is an operating system for Turbo NAS. QNAP QTS contains a cross-site scripting vulnerability CWE-79. Keigo YAMAZAKI of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

6.1CVSS6.1AI score0.01021EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/20 8:19 a.m.•6 views

Apache Struts vulnerable to validation bypass in Getter method

Overview Apache Struts provided by the Apache Software Foundation is a software framework for creating web applications in Java. Web applications that are developed using Apache Struts 2 contain a validation bypass in Getter method vulnerability. JPCERT/CC Addendum Update: August 25, 2016...

7.5CVSS6.8AI score0.10013EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/20 7:36 a.m.•6 views

Apache Struts vulnerable to remote code execution

Overview Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Web applications that are developed using Apache Struts 2 REST Plugin contain a remote code execution vulnerability. Note that the exploit code for this vulnerability is...

9.8CVSS8.1AI score0.17171EPSS
Exploits2References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/14 5:0 a.m.•6 views

ETX-R vulnerable to denial-of-service (DoS)

Overview ETX-R provided by I-O DATA DEVICE, INC. is a wired LAN router. ETX-R contains a denial-of-service DoS vulnerability. Junichi MURAKAMI of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

5.3CVSS6.7AI score0.01599EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 7:18 a.m.•6 views

Cybozu Garoon fails to restrict access permissions

Overview Cybozu Garoon is a groupware. Cybozu Garoon fails to restrict access permissions in the mail function. Note that this vulnerability is different from JVN33879831. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc...

5CVSS6.5AI score0.01298EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 7:18 a.m.•6 views

Cybozu Garoon fails to restrict access permissions

Overview Cybozu Garoon is a groupware. Cybozu Garoon fails to restrict access permissions in the API to retrieve the Address Book information. Note that this vulnerability is different from JVN53542912. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through...

4.3CVSS6.5AI score0.01038EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/27 4:53 a.m.•6 views

Multiple Buffalo wireless LAN routers vulnerable to directory traversal

Overview Multiple wireless LAN routers provided by BUFFALO INC. contain a directory traversal vulnerability CWE-22. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

7.5CVSS6.8AI score0.02181EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/26 5:30 a.m.•6 views

NetCommons vulnerable to privilege escalation

Overview NetCommons provided by the NetCommons Project contains a privilege escalation vulnerability. Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A user wi...

9CVSS6.8AI score0.01889EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/20 5:22 a.m.•6 views

MP Form Mail CGI Professional Edition vulnerable to directory traversal

Overview MP Form Mail CGI Professional Edition provided by futomi Co., Ltd. contains a directory traversal vulnerability CWE-22. Yuuta Watanabe of STNet, Incorporated reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

4.1CVSS6.6AI score0.02289EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/11 5:16 a.m.•6 views

Apache Cordova fails to restrict access permissions

Overview Apache Cordova contains a vulnerability where whitelist restrictions are not properly applied. Apache Cordova provided by the Apache Software Foundation is a framework for creating mobile applications for various platforms. iOS applications built using Apache Cordova contain a...

7.5CVSS6.7AI score0.02879EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/26 5:24 a.m.•6 views

EC-CUBE vulnerable to cross-site request forgery

Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site request forgery vulnerability CWE-352. LOCKON CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and LOCKON CO.,LTD...

8.8CVSS6.6AI score0.00636EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/06 6:29 a.m.•6 views

baserCMS plugin "Menubook Plugin" vulnerable to cross-site scripting

Overview baserCMS plugin "Menubook Plugin" contains a cross-site scripting vulnerability. CWE-79 Takaesu Isao of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

6.1CVSS6.1AI score0.01009EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/03/30 5:49 a.m.•6 views

Aterm WF800HP vulnerable to cross-site request forgery

Overview Aterm WF800HP provided by NEC Corporation contains a cross-site request forgery vulnerability CWE-352. Satoshi Ogawa of Mitsui Bussan Secure Directions,Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

8.8CVSS6.5AI score0.00629EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/03/24 3:28 a.m.•6 views

WordPress plugin "WP Favorite Posts" vulnerable to cross-site scripting

Overview "WP Favorite Posts" is a plugin for WordPress. WP Favorite Posts contains a cross-site scripting vulnerability. Note that this vulnerability cannot be exploited on the default settings. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC...

6.1CVSS6.1AI score0.01491EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/03/02 5:52 a.m.•6 views

Multiple Corega wireless LAN routers vulnerable to cross-site request forgery

Overview Multiple wireless LAN routers provided by Corega Inc contain a cross-site request forgery vulnerability CWE-352. Yutaka Kokubu and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. and Ueki Shuya reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

8.8CVSS6.7AI score0.00616EPSS
Exploits0References5
Total number of security vulnerabilities5000