Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/18 6:26 a.m.•5 views

105 BANK App fails to verify SSL server certificates

Overview 105 BANK App provided by THE HYAKUGO BANK, LTD. is a mobile app for internet banking. 105 BANK App fails to verify SSL server certificates. Yuji Tounai of NTT Com Security Japan KK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Ear...

5.9CVSS6.4AI score0.00642EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/25 6:35 a.m.•5 views

kintone mobile for Android information management vulnerability

Overview kintone mobile for Android provided by Cybozu, Inc. contains an authentication information management vulnerability. Kusano Kazuhiko and Gopinath reported this vulnerability to the developer. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

2.6CVSS6.6AI score0.00744EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/06 6:29 a.m.•5 views

baserCMS plugin "Casebook Plugin" vulnerable to cross-site scripting

Overview baserCMS plugin "Casebook Plugin" contains a cross-site scripting vulnerability CWE-79. Takaesu Isao of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

6.1CVSS6.1AI score0.01009EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/06 6:29 a.m.•5 views

baserCMS plugin "Recruit Plugin" vulnerable to cross-site scripting

Overview baserCMS plugin "Recruit Plugin" contains a cross-site scripting vulnerability. CWE-79 Takaesu Isao of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

6.1CVSS6.1AI score0.01009EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/22 5:56 a.m.•5 views

Log-Chat vulnerable to cross-site scripting

Overview Log-Chat provided by Script contains a stored cross-site scripting vulnerability CWE-79. Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

6.1CVSS5.9AI score0.01009EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/01/27 5:40 a.m.•5 views

HOME SPOT CUBE vulnerable to open redirect

Overview HOME SPOT CUBE provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE contains an open redirect vulnerability. Masaki Yoshikawa of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnershi...

7.4CVSS6.6AI score0.01254EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/01/27 5:40 a.m.•5 views

HOME SPOT CUBE vulnerable to cross-site scripting

Overview HOME SPOT CUBE provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE contains a cross-site scripting vulnerability. Masaki Yoshikawa of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5.4CVSS6.2AI score0.00802EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/01/22 5:36 a.m.•5 views

Multiple Buffalo network devices vulnerable to cross-site scripting

Overview Multiple network devices provided by BUFFALO INC. contain a cross-site scripting vulnerability. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

6.1CVSS6AI score0.00765EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/17 7:18 a.m.•5 views

Multiple Cross-site Scripting Vulnerabilities in EUR

Overview Multiple cross-site scripting vulnerabilities were found in EUR. Impact Remote users can exploit these vulnerabilities to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

3.5CVSS6.5AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/11 4:46 a.m.•5 views

Zend Framework vulnerable to SQL injection

Overview Zend Framework is an open source web application framework. Zend Framework contains an SQL injection vulnerability CWE-89 due to the argument of the ORDER BY clause. Hiroshi Tokumaru of HASH Consulting Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the develop...

9.8CVSS7.9AI score0.02332EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/20 4:31 a.m.•5 views

ArcSight Management Center and ArcSight Logger vulnerable to cross-site scripting

Overview ArcSight Management Center and ArcSight Logger from Hewlett-Packard Development Company L.P. contain a stored cross-site scripting vulnerability CWE-79. Mukai Akihito reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5CVSS5.9AI score0.01942EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/06 3:30 a.m.•5 views

SonicWall TotalSecure TZ 100 Series vulnerable to denial-of-service (DoS)

Overview SonicWall TotalSecure TZ 100 Series is a firewall product provided by Dell Inc. SonicWall TotalSecure TZ 100 Series contains a denial-of-service DoS vulnerability. FFRI,Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

5CVSS6.5AI score0.02897EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/29 4:46 a.m.•5 views

Enisys Gw vulnerable to cross-site scripting

Overview Enisys Gw provided by Techno Project Japan Co. is an open source groupware. Enisys Gw contains a cross-site scripting vulnerability CWE-79. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

4.3CVSS6AI score0.01171EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/07 5:48 a.m.•5 views

Cybozu Garoon vulnerable to LDAP injection

Overview Cybozu Garoon is a groupware. Cybozu Garoon contains an issue in processing authentication requests, which may result in an LDAP injection vulnerability. Impact A malicious user authorized to administer uesrs in certain groups may obtain information from the authentication server or may...

7CVSS7.2AI score0.01241EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/01 5:11 a.m.•5 views

Canary Labs Trend Web Server vulnerable to buffer overflow

Overview Trend Web Server provided by Canary Labs is a solution used for data visualization. Trend Web Server contains a buffer overflow CWE-119 vulnerability. Kuang-Chun Hung reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Information Security Early Warni...

7.5CVSS8AI score0.02891EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/29 5:5 a.m.•5 views

niconico App for iOS fails to verify SSL server certificates

Overview niconico App for iOS provided by DWANGO Co., Ltd. fails to verify SSL server certificates. AOKI Keiichi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an attack...

7.4CVSS6.4AI score0.00945EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/16 7:58 a.m.•5 views

Koritore vulnerable to URL whitelist bypass

Overview Koritore provided by Newphoria Corporation Inc. is an application for both iOS or Android built using "applican". Koritore contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Kenta Suefusa and Tomonori Shiomi of Sprout Inc. reporte...

6.8CVSS6.6AI score0.01093EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/16 7:58 a.m.•5 views

MEGAPHONE MUSIC vulnerable to URL whitelist bypass

Overview MEGAPHONE MUSIC provided by Newphoria Corporation Inc. is an application for both iOS or Android built using "applican". MEGAPHONE MUSIC contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Kenta Suefusa and Tomonori Shiomi of Sprou...

6.8CVSS6.6AI score0.01503EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/24 5:33 a.m.•5 views

Welcart vulnerable to cross-site scripting

Overview Welcart provided by Collne Inc. is a WordPress plugin for creating shopping websites. Welcart contains a cross-site scripting CWE-79 vulnerability due to the processing of uscesreferer parameter in admin.php. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the...

4.3CVSS6AI score0.02033EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/25 6:0 a.m.•5 views

namshi/jose fails to verify token signatures

Overview namshi/jose is a PHP library for handling JSON Web Tokens JWT. namshi/jose contains a vulnerability in processing JWT headers where it fails to verify token signatures. Toshiharu Sugiyama of DeNA Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

5CVSS6.6AI score0.01385EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/18 5:14 a.m.•5 views

Ruby on Rails library Paperclip vulnerable to cross-site scripting

Overview Paperclip provided by thoughtbot is a library to upload files in Ruby on Rails. Paperclip contains a persistent cross-site scripting vulnerability CWE-79. MORI Shingo of DeNA Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

4.3CVSS6.2AI score0.02121EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/09 5:16 a.m.•5 views

MilkyStep fails to restrict access permissions

Overview MilkyStep provided by Igreks Inc. fails to restrict access permissions. Note that this vulnerability is different from JVN16409640. MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep fails to restrict access permissions CWE-264. Kusano...

6.4CVSS6.6AI score0.01553EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/09 5:2 a.m.•5 views

MilkyStep vulnerable to OS command injection

Overview MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains an OS command injection vulnerability CWE-78. Kusano Kazuhiko reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

7.5CVSS7.4AI score0.01615EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/14 4:39 a.m.•5 views

Cacti vulnerable to SQL injection

Overview Cacti is a web application that graphs stored data collected from network devices. Cacti contains a SQL injection vulnerability due to a flaw in processing user input values for 'localgraphid' in graph.php. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IP...

6.5CVSS7.3AI score0.01084EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/04/14 4:24 a.m.•5 views

JBoss RichFaces vulnerable to remote Java code execution

Overview JBoss RichFaces contains a remote Java code execution vulnerability. JBoss RichFaces is an Ajax-enabled component library for JavaServer Faces JSF. JBoss RichFaces contains a flaw in parsing the do parameter, which may result in arbitrary Java code execution. Takeshi Terada of Mitsui...

7.5CVSS7.8AI score0.03929EPSS
Exploits1References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/06 4:46 a.m.•5 views

All In One WP Security & Firewall vulnerable to cross-site request forgery

Overview All In One WP Security & Firewall is WordPress plugin that provides security functionality. All In One WP Security & Firewall contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, access logs 404 events maintained by the...

6.8CVSS6.4AI score0.01076EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/01/29 4:52 a.m.•5 views

Arbitrary files may be overwritten in multiple VMware products

Overview Multiple products provided by VMware Inc. contain a vulnerability where arbitrary files on the host OS may be overwritten. Shanon Olsson reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A user...

6.4CVSS6.7AI score0.04189EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/18 5:47 a.m.•5 views

Multiple Allied Telesis products vulnerable to buffer overflow

Overview AR Router Series and Alliedware switches provided by Allied Telesis Group contain a buffer overflow vulnerability CWE-788 due to a flaw when processing a POST method. Impact Arbitrary code may be executed when processing a specially crafted HTTP request. Solution Update the Firmware Upda...

10CVSS7.4AI score0.06131EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/02 5:27 a.m.•5 views

LG Electronics mobile access routers lack access restrictions

Overview LG Electronics mobile access routers provided by NTT DOCOMO, INC. lack access restrictions in the web administration interface. Taiga Asano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An attacke...

5CVSS6.7AI score0.01354EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/09/25 5:53 a.m.•5 views

N-Media file uploader vulnerability in handling uploaded files

Overview N-Media file uploader is a plugin for WordPress. N-Media file uploader contains a vulnerability CWE-264 in the way it handles uploaded files. As a result, an arbitrary PHP script which is uploaded may be executed. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC...

6.5CVSS7AI score0.01739EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/08/29 4:38 a.m.•5 views

Kindle App for Android fails to verify SSL server certificates

Overview Kindle App for Android fails to verify SSL server certificates. Hiroshi Tokumaru of HASH Consulting Corp. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an...

5.8CVSS6.5AI score0.00521EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/08/26 4:33 a.m.•5 views

MailPoet Newsletters vulnerable to cross-site request forgery

Overview MailPoet Newsletters is a plugin for WordPress. MailPoet Newsletters contains a cross-site request forgery vulnerability. Yoshinori Matsumoto reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a use...

6.8CVSS6.5AI score0.0107EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/08/15 4:24 a.m.•5 views

Shutter vulnerable to SQL injection

Overview Shutter provided by tenfourzero is a web package allowing users to share their photos. lib/admin.php in Shutter contains a SQL injection vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

7.5CVSS7.8AI score0.01164EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/08/06 6:22 a.m.•5 views

GOM Player vulnerable to denial-of-service (DoS)

Overview GOM Player provided by Gretech contains a denial-of-service DoS vulnerability due to an issue in processing an image file. Security Engineering Laboratory, IT Security CenterISEC, IPA reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

4.3CVSS6.5AI score0.01523EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/07/15 5:45 a.m.•5 views

Cybozu Garoon vulnerable to cross-site scritping

Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Map search", which may result in a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user that is logged on. Solution Update...

3.5CVSS6AI score0.00936EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/06/25 5:53 a.m.•5 views

Web Kyukincho vulnerable to cross-site scripting

Overview Web Kyukincho provided by Intercom, Inc. is a software that digitizes and distributes a pay statement and others. Web Kyukincho contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed in the user's web browser. Solution Update the Software Update to the...

4.3CVSS6.1AI score0.01148EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/06/24 5:22 a.m.•5 views

Login rebuilder vulnerable to cross-site request forgery

Overview Login rebuilder is a plugin for WordPress. Login rebuilder contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, unintended operations may be conducted. Solution Update the Software Update to the latest version according to the...

6.8CVSS6.6AI score0.01076EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/06/24 5:21 a.m.•5 views

Sophos Disk Encryption vulnerable to authentication bypass

Overview Sophos Disk Encryption contains an authentication bypass vulnerability. Sophos Disk Encryption is a product to encrypt hard disk data on Windows PC. By default, Window requires logon authentication when the PC wakes up from hibernation or sleep mode. When Sophos Disk Encryption is...

6.9CVSS7AI score0.0051EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/04/18 5:30 a.m.•5 views

TOSHIBA TEC e-Studio series vulnerable to cross-site request forgery

Overview e-Studio provided by TOSHIBA TEC CORPORATION is a multi-function peripheral MFP. Multiple e-Studio series products contain a vulnerability in web-based management utility, which may result in a cross-site request forgery. Impact If the administrator views a malicious page while logged in...

6.8CVSS6.8AI score0.01148EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/04/14 4:45 a.m.•5 views

Content Provider in CamiApp for Android fails to restrict access permissions

Overview The Content Provider in CamiApp for Android provided by KOKUYO S Co.,Ltd. contains an issue where access permissions are not restricted. Hiroshi Kumagai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...

5.8CVSS6.4AI score0.01083EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/03/20 5:2 a.m.•5 views

Silex vulnerable to cross-site scripting

Overview Silex is a software to build websites. Silex contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be execute...

4.3CVSS6AI score0.01161EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/02/21 5:12 a.m.•5 views

Blackboard Vista/CE vulnerable to cross-site scripting

Overview Blackboard Vista/CE is a learning management system LMS. Blackboard Vista/CE contains a cross-site scripting vulnerability. ICHIHARA Ryohei of SERAKU Co.,Ltd. reported this vulnerability to the developer. JPCERT/CC coordinated with the developer under Information Security Early Warning...

4.3CVSS6.1AI score0.01773EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/24 3:36 a.m.•5 views

OpenPNE vulnerable to PHP Object Injection

Overview OpenPNE contains an issue in processing Cookie headers, which may result in a PHP Object Injection vulnerability. Egidio Romano of Secunia reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A remote,...

7.5CVSS7.3AI score0.01527EPSS
Exploits2References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/22 6:27 a.m.•5 views

EC-CUBE vulnerable to information alteration

Overview EC-CUBE contains an information alteration vulnerability. EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information alteration vulnerability. aratana inc. reported this vulnerability to the developer. JPCERT/CC coordinated with...

6.4CVSS6.6AI score0.01569EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/25 10:13 a.m.•5 views

Xml eXternal Entity Vulnerability in Hitachi Cosminexus

Overview When using Cosminexus JAX-WS, XXE Xml eXternal Entity in Hitachi Cosminexus Component Container contains a vulnerability that may cause information leakage. Impact A remote attacker could obtain information via SOAP message loading unexpected external entities. Solution Please refer to t...

2.6CVSS6.7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/03 4:37 a.m.•5 views

Multiple cross-site scripting vulnerabilities in Cybozu Garoon

Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains multiple cross-site scripting vulnerabilities. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provid...

5CVSS8.6AI score0.01792EPSS
Exploits0References37
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/28 7:38 a.m.•5 views

Buffer Overflow Vulnerability in the log function of Interstage HTTP Server

Overview The log function ihsrlog/rotatelogs of Interstage HTTP Server contains a buffer overflow vulnerability. Impact An attacker could execute arbitrary code. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

10CVSS7.7AI score0.01824EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/20 7:14 a.m.•5 views

EC-CUBE information disclosure vulnerability

Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information disclosure vulnerability due to an issue in processing front features. LAC Co., Ltd. reported this vulnerability to the developer. JPCERT/CC coordinated with the develope...

5.5CVSS6.3AI score0.01172EPSS
Exploits1References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/20 6:56 a.m.•5 views

EC-CUBE vulnerable to cross-site scripting

Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. LAC Co., Ltd. reported this vulnerability to the developer. JPCERT/CC coordinated with the developer under Information Security Early Warning...

4.3CVSS6.1AI score0.01883EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/09/06 5:12 a.m.•5 views

Apache Struts vulnerable to remote command execution

Overview Apache Struts contains a remote command execution vulnerability. Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a remote command execution vulnerability. This issue is the same issue that the...

9.8CVSS7.2AI score0.99998EPSS
Exploits18References18
Total number of security vulnerabilities5000