Lucene search
K
JvnMost viewed

5627 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/06 6:29 a.m.•4 views

baserCMS plugin "Casebook Plugin" vulnerable to cross-site request forgery

Overview baserCMS plugin "Casebook Plugin" contains a cross-site request forgery vulnerability CWE-352. Takaesu Isao of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

8.8CVSS6.7AI score0.00629EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/04 6:30 a.m.•4 views

WisePoint contains issue in preventing clickjacking attacks

Overview WisePoint contains an issue in the protection against clickjacking attacks on the management screen. Hiroki Ikemoto of NTT SOFT SERVICE Corp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a user...

6.1CVSS6.5AI score0.01009EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/04 6:30 a.m.•4 views

AQUOS Photo Player HN-PP150 vulnerable to cross-site request forgery

Overview AQUOS Photo Player HN-PP150 provided by Sharp Corporation contains a cross-site request forgery vulnerability CWE-352. Junichi MURAKAMI of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact ...

5.8CVSS6.5AI score0.00766EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/03/07 8:0 a.m.•4 views

Information Disclosure Vulnerability in Hitachi Compute Systems Manager

Overview An Information Disclosure Vulnerability was found in Hitachi Compute Systems Manager. Impact An attacker might exploit this vulnerability to obtain sensitive session information. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriat...

3.5CVSS6.2AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/25 7:9 a.m.•4 views

Remote File Inclusion Vulnerability in Hitachi Command Suite

Overview A Remote File Inclusion Vulnerability was found in Hitachi Command Suite. Impact Malicious attacker might exploit this vulnerability to load external files into a browser. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate actio...

3.4CVSS6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/19 5:42 a.m.•4 views

EC-CUBE plugin "Help plug-in" vulnerable to SQL injection

Overview EC-CUBE plugin "Help plug-in" provided by Cuore contains an SQL injection vulnerability CWE-89. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

9.1CVSS7.6AI score0.01361EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/15 7:20 a.m.•4 views

Cybozu Office vulnerable to open redirect

Overview Cybozu Office contains an open redirect vulnerability in network functions. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update to the latest...

7.4CVSS6.6AI score0.01254EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/15 6:44 a.m.•4 views

Cybozu Office vulnerable to information disclosure

Overview Cybozu Office contains an information disclosure vulnerability in the mail function. Note that this vulnerability is different from JVN47296923. Impact When a specially crafted mail is opened, images files accessible by authenticated users may be obtained by a third-party. Solution Updat...

5CVSS6.1AI score0.01166EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/01/29 5:6 a.m.•4 views

JOB-CUBE vulnerable to cross-site scripting

Overview JOB-CUBE provided by WEBSQUARE Co.,Ltd. is software to build websites. JOB-CUBE contains a cross-site scripting vulnerability CWE-79. Masamu Asato of National institute of Technology,Okinawa College reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

5.4CVSS6AI score0.0085EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/01/29 4:50 a.m.•4 views

Vine MV vulnerable to cross-site scripting

Overview Vine MV contains a cross-site scripting vulnerability CWE-79. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the user's web browser. Solution Updat...

6.1CVSS6AI score0.01417EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/01/29 4:45 a.m.•4 views

EXPRESSCLUSTER X vulnerable to directory traversal

Overview EXPRESSCLUSTER X from NEC Corporation is software to provide high availability HA clustering. EXPRESSCLUSTER X contains an issue in WebManager, which may lead to directory traversal. Yusuke SAKAI of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...

7.8CVSS6.5AI score0.03821EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/01/27 5:40 a.m.•4 views

HOME SPOT CUBE vulnerable to clickjacking

Overview HOME SPOT CUBE provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE contains a clickjacking vulnerabilitiy. Masaki Yoshikawa of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

6.1CVSS6.8AI score0.01009EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/01/27 5:40 a.m.•4 views

HOME SPOT CUBE vulnerable to cross-site request forgery

Overview HOME SPOT CUBE provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE contains a cross-site request forgery vulnerability. Masaki Yoshikawa of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warnin...

7.5CVSS6.8AI score0.00556EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/01/15 4:57 a.m.•4 views

acmailer vulnerable to OS command injection

Overview acmailer provided by Seeds Co.,Ltd. contains an OS command injection vulnerability CWE-78. Kazuhiro Shibuta of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

9.1CVSS7.5AI score0.02411EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/25 5:45 a.m.•4 views

CG-WLBARAGM may behave as an open proxy

Overview CG-WLBARAGM provided by Corega Inc is a wireless LAN router. CG-WLBARAGM contains an issue where it may behave as an open proxy. Akihiro Nakajima of NTT Communications reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5.8CVSS6.7AI score0.01599EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/25 5:33 a.m.•4 views

CG-WLBARGS does not properly perform authentication

Overview CG-WLBARGS provided by Corega Inc is a wireless LAN router. CG-WLBARGS does not properly perform authentication. Kousuke Kawahira of DWANGO Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

10CVSS6.8AI score0.02761EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/09 5:47 a.m.•4 views

WL-330NUL vulnerable to denial-of-service (DoS)

Overview WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a denial-of-service DoS vulnerability. TAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

4.3CVSS6.5AI score0.00633EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/09 5:38 a.m.•4 views

WL-330NUL information management vulnerability

Overview WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains an issue in information management. TAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

4.3CVSS6.5AI score0.00632EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/07 5:21 a.m.•4 views

GANMA! App for iOS fails to verify SSL server certificates

Overview GANMA! App for iOS provided by COMICSMART INC. fails to verify SSL server certificates. Yuji Tounai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an attacker t...

5.9CVSS6.4AI score0.00696EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/30 4:44 a.m.•4 views

p++BBS vulnerable to cross-site scripting

Overview p++BBS provided by Let's PHP! contains a stored cross-site scripting vulnerability CWE-79. Koki Takahashi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the...

6.1CVSS5.9AI score0.01009EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/30 4:44 a.m.•4 views

Frame high-speed chat vulnerable to cross-site scripting

Overview Frame high-speed chat provided by Let's PHP! contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an Update Update to the latest version according to the information provided by the developer...

6.1CVSS6.1AI score0.00765EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/27 4:29 a.m.•4 views

Apache Cordova vulnerable to improper application of whitelist restrictions

Overview Apache Cordova provided by the Apache Software Foundation is a framework for creating mobile applications for various platforms. Android applications built using Apache Cordova contain a vulnerability where whitelist restrictions are not properly applied. Muneaki Nishimura of Sony Digita...

4.3CVSS6.8AI score0.04216EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/13 5:25 a.m.•4 views

pWebManager vulnerable to OS command injection

Overview pWebManager provided by PC-EGG Co.,Ltd. contains an OS command injection vulnerability CWE-78. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary OS command may be executed on t...

6.5CVSS7.3AI score0.01302EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/28 5:50 a.m.•4 views

ANA App fails to verify SSL server certificates

Overview ANA App provided by ALL NIPPON AIRWAYS CO., LTD fails to verify SSL server certificates. AOKI Keiichi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an attacker...

5.9CVSS6.5AI score0.00898EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/09 5:12 a.m.•4 views

Dojo Toolkit vulnerable to cross-site scripting

Overview Dojo Toolkit is a software to assist in building web applications. Dojo Toolkit contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

4.3CVSS6AI score0.02224EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/02 4:36 a.m.•4 views

gollum vulnerable to file exposure

Overview gollum is a wiki system that uses git repositories. gollum contains a vulnerability which may allow an attacker to view arbitrary files on the server. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

4.3CVSS6.7AI score0.01876EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/01 5:11 a.m.•4 views

AjaXplorer vulnerable to directory traversal

Overview AjaXplorer contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5CVSS6.7AI score0.01895EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/30 6:5 a.m.•4 views

MATCHA SNS vulnerable to code injection

Overview MATCHA SNS provided by ICZ Corporation is an SNS software. MATCHA SNS contains a code injection CWE-94 vulnerability due to a flaw when configuring the database during installation. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

6.8CVSS7.7AI score0.01321EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/16 7:58 a.m.•4 views

Reversi vulnerable to URL whitelist bypass

Overview Reversi provided by Newphoria Corporation Inc. is an application for both iOS or Android built using "applican". Reversi contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Kenta Suefusa and Tomonori Shiomi of Sprout Inc. reported...

6.8CVSS6.6AI score0.01093EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/16 7:58 a.m.•4 views

Auction Camera vulnerable to URL whitelist bypass

Overview Auction Camera provided by Newphoria Corporation Inc. is an application for both iOS or Android built using "applican". Auction Camera contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Kenta Suefusa and Tomonori Shiomi of Sprout...

6.8CVSS6.6AI score0.01093EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/11 5:17 a.m.•4 views

PIXMA MG7500 Series vulnerable to cross-site request forgery

Overview PIXMA MG7500 Series provided by Canon Inc. contain a cross-site request forgery vulnerability. TOMITA Ryo of Fukuoka Junior High School attached to the Fukuoka University of Education FUE reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

6.8CVSS6.7AI score0.00649EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/11 5:16 a.m.•4 views

Japan Connected-free Wi-Fi vulnerable to allow URL whitelist bypass

Overview Japan Connected-free Wi-Fi provided by NTT Broadband Platform, Inc. contains an issue where an arbitrary page may be loaded if the application is launched with the URL-scheme. Kenta Suefusa and Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with...

6.8CVSS6.8AI score0.01118EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/02 6:46 a.m.•4 views

NScripter vulnerable to buffer overflow

Overview NScripter is a script engine to build and execute games. NScripter contains a buffer overflow vulnerability due to a flaw in processing save data. Kusano Kazuhiko reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.8CVSS7.6AI score0.02728EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/01 3:36 a.m.•4 views

desknet's NEO vulnerable to directory traversal

Overview desknet's NEO provided by NEOJAPAN Inc. contains a directory traversal CWE-22 vulnerability where it fails to verify html parameter in zhtml.cgi. Hiroyuki Yamashita of M Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

4CVSS6.6AI score0.01557EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/08/12 6:13 a.m.•4 views

Photo Gallery CMS for PC, smartphone and feature phone (Free) vulnerable to cross-site scripting

Overview Photo Gallery CMS for PC, smartphone and feature phone Free provided by PHP Kobo contains a cross-site scripting CWE-79 vulnerability in admin.php. Yuji Tounai of NTT Com SecurityJapan KK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

4.3CVSS6.1AI score0.01171EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/08/12 6:13 a.m.•4 views

Microsoft Office discloses a file path of a local file

Overview When a file such as a clipart or an image is inserted in Office documents, the absolute path of the local file is stored in "alternative text". Yosuke HASEGAWA of SecureSky Technology Inc. and Miyuki Chikara of MARUS JAPAN Inc. reported this vulnerability to IPA. JPCERT/CC coordinated wi...

4.3CVSS6.2AI score
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/08/07 4:50 a.m.•4 views

Yodobashi App for Android fails to verify SSL server certificates

Overview Yodobashi App for Android provided by Yodobashi Camera Co.,Ltd. fails to verify SSL server certificates. Kusano Kazuhiko reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack ma...

5.9CVSS6.5AI score0.00828EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/29 5:58 a.m.•4 views

yoyaku_v41 vulnerable to authentication bypass

Overview yoyakuv41 provided by Webservice-DIC is a software to manage conference room reservations. yoyakuv41 contains an authentication bypass vulnerability CWE-592. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5CVSS7AI score0.01277EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/29 5:58 a.m.•4 views

yoyaku_v41 vulnerable to arbitrary file creation

Overview yoyakuv41 provided by Webservice-DIC is a software to manage conference room reservations. yoyakuv41 contains a vulnerability that may allow a remote attacker to create arbitrary files CWE-20. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

7.5CVSS7.3AI score0.02288EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/24 5:36 a.m.•4 views

Research Artisan Lite vulnerable to cross-site scripting

Overview Research Artisan Lite provided by Research Artisan Project is an access analysis tool. Research Artisan Lite contains multiple cross-site scripting vulnerabilities CWE-79. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

4.3CVSS6.1AI score0.01171EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/09 5:41 a.m.•4 views

Cacti vulnerable to cross-site scripting

Overview Cacti is a web application that graphs stored data collected from network devices. Cacti contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing parameters in graphview.php. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IP...

4.3CVSS5.8AI score0.05739EPSS
Exploits6References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/23 3:29 a.m.•4 views

Symfony vulnerable to code injection

Overview Symfony is an open source web application framework provided by SensioLabs. Symfony contains a code injection vulnerability. Applications with ESI support enabled and using the Symfony built-in reverse proxy the HttpCache class are affected. Takeshi Terada of Mitsui Bussan Secure...

6.8CVSS7.3AI score0.01365EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/09 5:15 a.m.•4 views

MilkyStep vulnerable to SQL injection

Overview MilkyStep provided by Igreks Inc. contains a SQL injection vulnerability. MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a SQL injection vulnerability CWE-89. Kusano Kazuhiko reported this vulnerability to IPA. JPCERT/CC...

7.5CVSS7.9AI score0.01285EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/05 5:16 a.m.•4 views

Multiple Buffalo wireless LAN routers vulnerable to OS command injection

Overview Multiple wireless LAN routers provided by BUFFALO INC. contain an OS command injection vulnerability. Masashi Sakai, Satoshi Ogawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An authenticated...

7.7CVSS7.8AI score0.0107EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/06/05 5:2 a.m.•4 views

NetFlow Analyzer fails to restrict access permissions

Overview NetFlow Analyzer provided by Zoho Corporation fails to restrict access permissions. Tomoshige Hasegawa, Akihito Mukai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Administrative operations, for...

7.5CVSS6.6AI score0.03409EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/15 3:23 a.m.•4 views

"Honda Moto LINC" App for Android fails to verify SSL server certificates

Overview "Honda Moto LINC" App for Android fails to verify SSL server certificates. Yasuyuki KOBAYASHI reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an attacker to...

5.9CVSS6.5AI score0.00696EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/04/09 4:57 a.m.•4 views

Lhaplus vulnerable to directory traversal

Overview Lhaplus is a file compression/decompression software. Lhaplus contains an issue in processing file names, which may result in a directory traversal vulnerability. akirayou of Nico-TECH reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

5.8CVSS6.7AI score0.0156EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/20 3:30 a.m.•4 views

MP Form Mail CGI eCommerce edition vulnerable to code injection

Overview MP Form Mail CGI eCommerce edition provided by futomi Co., Ltd. is a CGI used to send mail from a web form. MP Form Mail CGI eCommerce edition contains a code injection vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informatio...

7.5CVSS7.1AI score0.02443EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/04 5:49 a.m.•4 views

Maroyaka Image Album vulnerable to cross-site scripting

Overview Maroyaka Image Album provided by Maroyaka CGI is a CGI script for placing image files within a website. Maroyaka Image Album contains a cross-site scripting vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

4.3CVSS6.1AI score0.01148EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/02/27 6:57 a.m.•4 views

Cross-site Scripting Vulnerability in Hitachi IT Operations Analyzer

Overview A cross-site scripting vulnerability was found in the online help of Hitachi IT Operations Analyzer. Impact Remote users can exploit a cross-site scripting vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasur...

4.3CVSS6.2AI score
Exploits0References2
Total number of security vulnerabilities5000