Lucene search
K
JvnMost viewed

5627 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/02/14 8:0 a.m.•5 views

The installers of ELECOM Camera Assistant and QuickFileDealer may insecurely load Dynamic Link Libraries

Overview The installers of ELECOM Camera Assistant and QuickFileDealer provided by ELECOM CO.,LTD. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Tomohisa Hasegawa of Canon IT Solutions Inc. reported this vulnerability to IPA...

7.8CVSS7AI score0.00204EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/24 7:0 a.m.•5 views

pgAdmin 4 vulnerable to directory traversal

Overview PostgreSQL management tool pgAdmin 4 contains a directory traversal vulnerability CWE-22. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A user ...

6.5CVSS6.6AI score0.08826EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/18 4:51 a.m.•5 views

File and Directory Permissions Vulnerability in Hitachi Tuning Manager

Overview A File and Directory Permissions Vulnerability CVE-2020-36611 exists in Hitachi Tuning Manager. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...

7.1CVSS6.8AI score0.0015EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/11 8:7 a.m.•5 views

OpenAM Web Policy Agent (OpenAM Consortium Edition) vulnerable to path traversal

Overview OpenAM Web Policy Agent OpenAM Consortium Edition provided by OpenAM Consortium parses URLs improperly, leading to a path traversal vulnerability CWE-22. Furthermore, a crafted URL may be evaluated incorrectly. OpenAM Consortium reported this vulnerability to JPCERT/CC to notify users of...

7.5CVSS6.6AI score0.00722EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/12/20 3:12 a.m.•5 views

Command injection vulnerability in SHARP Multifunctional Products (MFP)

Overview SHARP Multifunctional Products MFP contain a command injection vulnerability CWE-77, CVE-2022-45796. The OS layer is affected beyond the web application component, however treating the web application component as separate from the OS layer, 'Scope' is analyzed as 'S:C'. Sharp reported...

9.1CVSS7.5AI score0.03232EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/12/16 4:29 a.m.•5 views

Multiple vulnerabilities in Contec CONPROSYS HMI System (CHS)

Overview CONPROSYS HMI System CHS provided by Contec Co., Ltd. contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2022-44456 Use of Default Credentials CWE-1392 - CVE-2023-22331 Use of Password Hash Instead of Password for Authentication CWE-836 - CVE-2023-22334...

10CVSS7.2AI score0.69877EPSS
Exploits0References19
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/11/21 6:31 a.m.•5 views

Typora fails to properly neutralize JavaScript code.

Overview Typora fails to properly neutralize JavaScript code CWE-116. Eiji Mori of Flatt Security Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Opening a file with the affected product may lead to...

6.1CVSS6.8AI score0.00357EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/10/07 5:30 a.m.•5 views

Growi vulnerable to improper access control

Overview GROWI provided by WESEEK, Inc. contains an improper access control vulnerability CWE-284. Kenta Yamamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A us...

6.5CVSS6.6AI score0.00782EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/10/06 4:5 a.m.•5 views

IPFire WebUI vulnerable to cross-site scripting

Overview The web user interface of IPFire provided by IPFire Project contains multiple stored cross-site scripting vulnerabilities CWE-79. This analysis assumes a scenario where one administrative user prepares malicious content, and then another administrative user accesses this content, resulti...

4.8CVSS6AI score0.00681EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/08/23 5:31 a.m.•5 views

UNIMO Technology digital video recorders vulnerable to missing authentication for critical functions

Overview Multiple digital video recorders provided by UNIMO Technology Co., Ltd do not perform authentication for some critical functions CWE-306 in the device management web interface. The reporter states that attacks exploiting this vulnerability have been observed. Yoshiki Mori, Ushimaru Hayat...

9.8CVSS7.2AI score0.01249EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/08/18 6:45 a.m.•5 views

Trend Micro Endpoint security products for enterprises vulnerable to Link Following Local Privilege Escalation

Overview Trend Micro Incorporated has released security updates for Endpoint security products for enterprises. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN. Impact A non-administrative user of the system where the affected product...

7.8CVSS6.7AI score0.00546EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/06/23 5:21 a.m.•5 views

web2py vulnerable to open redirect

Overview web2py contains an open redirect vulnerability CWE-601. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When accessing a specially crafted URL, t...

6.1CVSS6.6AI score0.01478EPSS
Exploits1References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/06/01 7:12 a.m.•5 views

T&D Data Server and THERMO RECORDER DATA SERVER contain a directory traversal vulnerability.

Overview T Data Server and THERMO RECORDER DATA SERVER provided by T Corporation contain a directory traversal vulnerability CWE-22. Shun Asai of FiveDrive, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...

7.5CVSS6.7AI score0.03234EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/05/24 6:27 a.m.•5 views

Trend Micro Password Manager vulnerable to privilege escalation

Overview Trend Micro Incorporated has released a security update for Trend Micro Password Manager. Trend Micro Incorporated reported the vulnerability to JPCERT/CC to notify users of the solutions through JVN. Impact A non-administrative user of the system where the affected product is installed...

7.8CVSS7.1AI score0.00404EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/04/15 4:15 a.m.•5 views

WordPress Plugin "MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership" vulnerable to cross-site request forgery

Overview WordPress Plugin "MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership" provided by VideoWhisper contains a cross-site request forgery vulnerability CWE-352. Kosuke Sakai reported and coordinated with the developer to fix this vulnerability. After coordination was...

8.8CVSS6.8AI score0.00781EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/04/07 7:58 a.m.•5 views

Trend Micro Antivirus for Mac vulnerable to privilege escalation

Overview Trend Micro Incorporated has released a security update for Trend Micro Antivirus for Mac. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact A user who can log in to the system where the affected product is installed may...

8.5CVSS7.1AI score0.01187EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/03/30 6:23 a.m.•5 views

WordPress Plugin "Advanced Custom Fields" vulnerable to missing authorization

Overview WordPress Plugin "Advanced Custom Fields" provided by Delicious Brains contains a missing authorization vulnerability CWE-862. Keitaro Yamazaki of Ierae Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.5CVSS6.6AI score0.01437EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/03/30 5:0 a.m.•5 views

AttacheCase may insecurely load Dynamic Link Libraries

Overview AttacheCase may insecurely load Dynamic Link Libraries. AttacheCase is an open source file encryption software provided by HiBARA Software. AttacheCase contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Taizoh Tsukamoto of...

7.8CVSS6.9AI score0.00362EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/03/08 6:56 a.m.•5 views

Multiple vulnerabilities in OMRON CX-Programmer

Overview CX-Programmer provided by OMRON Corporation contains multiple vulnerabilities listed below. Out-of-bounds Write CWE-787 - CVE-2022-21124 Use After Free CWE-416 - CVE-2022-25230 Use After Free CWE-416 - CVE-2022-25325 Out-of-bounds Read CWE-125 - CVE-2022-21219 Out-of-bounds Write CWE-787...

7.8CVSS7.5AI score0.01456EPSS
Exploits0References15
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/03/03 5:42 a.m.•5 views

Multiple vulnerabilities in Trend Micro ServerProtect

Overview Trend Micro Incorporated has released security updates for ServerProtect. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Remote control execution due to insufficiently protected static credentials Denial-of-servic...

9.8CVSS8.3AI score0.04872EPSS
Exploits2References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/03/03 5:32 a.m.•5 views

Norton Security for Mac improperly processes ICMP packets

Overview Norton Security for Mac provided by NortonLifeLock Inc. is antivirus software. Norton Security for Mac improperly processes ICMP packets, which may result in OS to crash CWE-20. Yuki Meguro of Tohoku Information Systems Company, Incorporated reported this vulnerability to IPA. JPCERT/CC...

7.1CVSS6.5AI score
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/02/22 5:22 a.m.•5 views

EC-CUBE improperly handles HTTP Host header values

Overview EC-CUBE provided by EC-CUBE CO.,LTD. improperly handles HTTP Host header values CWE-913. EC-CUBE CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and EC-CUBE CO.,LTD. coordinated under the Information Security Early Warning...

5.3CVSS6.7AI score0.01138EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/02/08 7:13 a.m.•5 views

Multiple vulnerabilities in multiple ELECOM LAN routers

Overview Multiple ELECOM LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Hidden functionality CWE-912 - CVE-2022-21173 Cross-site scripting CWE-79 - CVE-2022-21799 CVE-2022-21173 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this...

8.8CVSS6.8AI score0.00447EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/02/07 5:18 a.m.•5 views

Multiple ESET products for macOS vulnerable to improper server certificate verification

Overview Multiple ESET products for macOS are vulnerable to improper server certificate verification CWE-295. KOBAYASHI Yasuyuki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may...

5.9CVSS6.5AI score0.0166EPSS
Exploits4References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/01/12 6:37 a.m.•5 views

Jimoty App for Android uses a hard-coded API key for an external service

Overview Jimoty App for Android provided by Jimoty, Inc. uses a hard-coded API key for an external service CWE-798. Masashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact API key for...

4CVSS6.5AI score0.00203EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/12/24 1:58 a.m.•5 views

Multiple vulnerabilities in QNAP VioStar NVR

Overview VioStar series NVR provided by QNAP Systems contains multiple vulnerabilities listed below. Command injection CWE-77 - CVE-2021-38685 Improper authentication CWE-287 - CVE-2021-38686 Impact An arbitrary command may be executed by a remote attacker. - CVE-2021-38685 A remote attacker can...

9.8CVSS7.8AI score0.01471EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/12/09 4:43 a.m.•5 views

Multiple vulnerabilities in Trend Micro Security 2021 family (Consumer)

Overview Trend Micro Incorporated has released security updates for Trend Micro Security 2021 family Consumer. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Maximum Security 2021 A user who can log in to the system where...

7.8CVSS7.2AI score0.00301EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/12/02 8:16 a.m.•5 views

Multiple vulnerabilities in multiple ELECOM routers

Overview Multiple routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Improper access control leading to unauthorized activation of telnet service CWE-284 - CVE-2021-20862 OS command injection CWE-78 - CVE-2021-20863 Improper access control leading to unauthorized...

8.8CVSS8.4AI score0.00862EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/11/26 5:59 a.m.•5 views

Multiple vulnerabilities in baserCMS

Overview baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2021-41243 Arbitrary code upload vulnerability in Database restore CWE-434 - CVE-2021-41279 CVE-2021-41243 Akagi Yusuke of NTT-ME CORPORATION reported this...

9.1CVSS8AI score0.02174EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/11/11 6:9 a.m.•5 views

Multiple vulnerabilities in EC-CUBE 2 series

Overview EC-CUBE 2 series provided by EC-CUBE CO.,LTD. contains multiple vulnerabilities listed below. Improper access control in Management screen CWE-284 - CVE-2021-20841 Cross-site request forgery vulnerability in Management screen CWE-352 - CVE-2021-20842 EC-CUBE CO.,LTD. reported these...

6.5CVSS7.1AI score0.01276EPSS
Exploits2References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/10/29 6:22 a.m.•5 views

Multiple vulnerabilities in CLUSTERPRO X and EXPRESSCLUSTER X

Overview CLUSTERPRO X and EXPRESSCLUSTER X provided by NEC Corporation contain multiple vulnerabilities listed below. Buffer overflow in the Disk Agent CWE-119 - CVE-2021-20700, CVE-2021-20701 Buffer overflow in the Transaction Server CWE-119 - CVE-2021-20702, CVE-2021-20703 Buffer overflow in th...

10CVSS8.1AI score0.02131EPSS
Exploits0References20
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/10/29 5:58 a.m.•5 views

ESET Cyber Security and ESET Endpoint series vulnerable to denial-of-service (DoS)

Overview ESET Cyber Security and ESET Endpoint series are antivirus software. ESET Cyber Security and ESET Endpoint series for macOS contain a denial-of-service DoS vulnerability CWE-404. Zhou Tingrui of Kaijo Junior & Senior High School reported this vulnerability to the developer and IPA...

5.5CVSS6.5AI score0.00219EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/09/30 7:3 a.m.•5 views

Multiple vulnerabilities in Cybozu Remote Service

Overview Cybozu Remote Service provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-525 Cross-site request forgery vulnerability in the management screen CWE-352 - CVE-2021-20795 CyVDB-1742 Path traversal vulnerability in the management screen CWE-22 - CVE-2021-20796...

8.8CVSS7.2AI score0.01468EPSS
Exploits0References36
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/09/17 6:13 a.m.•5 views

Multiple vulnerabilities in Sharp NEC Display Solutions' public displays

Overview Multiple public displays provided by Sharp NEC Display Solutions, Ltd. contain multiple vulnerabilities listed below. Command Injection CWE-77 - CVE-2021-20698 Buffer Overflow CWE-120 - CVE-2021-20699 Howard McGreehan of Aon's Cyber Solutions reported these vulnerabilities to Sharp NEC...

10CVSS7.5AI score0.0166EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/08/25 5:54 a.m.•5 views

Multiple cross-site scripting vulnerabilities in Movable Type

Overview Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability in Search screen CWE-79 - CVE-2021-20808 Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type CWE-79 -...

6.1CVSS6.3AI score0.00904EPSS
Exploits0References19
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/08/04 2:15 a.m.•5 views

Multiple vulnerabilities in multiple Trend Micro Endpoint security products for enterprises

Overview Multiple Endpoint security products for enterprises provided by Trend Micro Incorporated contain multiple vulnerabilities listed below. Incorrect Permission Assignment CWE-732 - CVE-2021-32464 Improper Preservation of Permissions CWE-281 - CVE-2021-32465 Improper Input Validation CWE-20 ...

8.8CVSS9.5AI score0.04951EPSS
Exploits0References18
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/08/02 7:42 a.m.•5 views

Multiple vulnerabilities in Cybozu Garoon

Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-1782 Cross-site scripting vulnerability in Scheduler CWE-79 - CVE-2021-20753 CyVDB-2029 Improper input validation vulnerability in Workflow CWE-20 - CVE-2021-20754 CyVDB-2071 Viewing restrictions...

8CVSS6.5AI score0.00993EPSS
Exploits0References52
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/07/19 7:53 a.m.•5 views

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) vulnerable to cross-site scripting

Overview Trend Micro Incorporated has released a security update for InterScan Web Security Virtual Appliance IWSVA. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN. Impact A user may be redirected to an arbitrary website due to the...

5.4CVSS6.1AI score0.01398EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/06/23 6:15 a.m.•5 views

Multiple cross-site scripting vulnerabilities in EC-CUBE

Overview EC-CUBE provided by EC-CUBE CO.,LTD. contains multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability CWE-79 - CVE-2021-20750 Cross-site scripting vulnerability CWE-79 - CVE-2021-20751 hibiki moriyama of STNet, Incorporated reported these...

6.1CVSS6.4AI score0.01557EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/06/15 7:9 a.m.•5 views

Multiple ETUNA EC-CUBE plugins vulnerable to cross-site scripting

Overview Multiple EC-CUBE plugins provided by ETUNA contain a cross-site scripting vulnerability CWE-79. An arbitrary script may be executed by executing a specific operation on the management page of EC-CUBE. As of 2021 June 15, an attack exploting this vulnerability has been observed in the wil...

6.1CVSS5.9AI score0.01121EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/06/14 6:10 a.m.•5 views

Multiple vulnerabilities in GROWI

Overview GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. NoSQL injection CWE-943 - CVE-2021-20736 Improper authentication CWE-287 - CVE-2021-20737 Impact The expected impact depends on each vulnerability, but it may be affected as follows. A user who can access the...

9.1CVSS7.1AI score0.01307EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/06/11 6:24 a.m.•5 views

WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting

Overview WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains a stored cross-site scripting vulnerability CWE-79. Yu Iwama of Secure Sky Technology Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.1CVSS5.8AI score0.01044EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/05/14 6:35 a.m.•5 views

mod_auth_openidc vulnerable to denial-of-service (DoS)

Overview modauthopenidc provided by ZmartZone is an OpenID Connect's Relying Party module for Apache HTTP Server. This module contains a denial-of-service DoS vulnerability CWE-400. Tatsuhiko Yasumatsu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

7.5CVSS6.7AI score0.03395EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/05/10 9:8 a.m.•5 views

EC-CUBE vulnerable to cross-site scripting

Overview EC-CUBE provided by EC-CUBE CO.,LTD. contains a cross-site scripting vulnerability CWE-79. An arbitrary script may be executed by executing a specific operation on the management page of EC-CUBE. As of 2021 May 10, an attack exploting this vulnerability has been observed in the wild...

7.1CVSS6AI score0.02308EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/04/12 6:32 a.m.•5 views

D-Link DAP-1880AC contains multiple vulnerabilities

Overview DAP-1880AC provided by D-Link Japan K.K. contains multiple vulnerabilities listed below. Improper access control CWE-284 - CVE-2021-20694 Improper privilege management CWE-269 - CVE-2021-20695 OS command injection CWE-78 - CVE-2021-20696 Missing authentication for critical function CWE-3...

9.8CVSS8.1AI score0.02399EPSS
Exploits0References14
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/03/25 9:6 a.m.•5 views

Yomi-Search vulnerable to cross-site scripting

Overview Yomi-Search provided by WonderLink is a directory type search engine program. Yomi-Search contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 22, 2021, it was judged that an...

6.1CVSS6.1AI score0.00756EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/02/10 5:1 a.m.•5 views

Wekan vulnerable to cross-site scripting

Overview Wekan, open source kanban board system, is vulnerable to cross-site scripting CWE-79. This vulnerability is treated as one of multiple cross-site scripting vulnerabilities, named "Fieldbleed". Ryoya Koyama at Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA...

5.4CVSS6AI score0.00751EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/02/05 7:24 a.m.•5 views

WordPress Plugin "Name Directory" vulnerable to cross-site request forgery

Overview WordPress Plugin "Name Directory" provided by J. Peters contains a cross-site request forgery vulnerability CWE-352. Yuta Asai of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported this vulnerability to the developer and...

8.8CVSS6.6AI score0.0084EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/02/04 6:39 a.m.•5 views

Panasonic Video Insight VMS vulnerable to arbitrary code execution

Overview Video Insight VMS provided by Panasonic Corporation contains an arbitrary code execution vulnerability CWE-94 because unencrypted communication exists in the communication using non-well known ports. Panasonic Corporation reported this vulnerability to JPCERT/CC to notify users of its...

10CVSS7.7AI score0.02815EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/01/26 7:33 a.m.•5 views

Multiple vulnerabilities in multiple ELECOM products

Overview Multiple products provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Improper Access Control CWE-284 - CVE-2021-20643 Script injection in web setup page CWE-74 - CVE-2021-20644 Stored cross-site scripting CWE-79 - CVE-2021-20645 Cross-site request forgery CWE-352 ...

10CVSS7.5AI score0.99975EPSS
Exploits6References25
Total number of security vulnerabilities5000