Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/05/13 8:59 a.m.•2 views

Multiple vulnerabilities in Movable Type

Overview Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below. HTML attribute value injection vulnerability CWE-74 - CVE-2020-5574 Cross-site scripting due to a flaw in processing multiple query strings CWE-79 - CVE-2020-5575 Cross-site request forgery CWE-352 -...

8.8CVSS7.2AI score0.01733EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/04/28 6:49 a.m.•2 views

Sales Force Assistant vulnerable to cross-site scripting

Overview Sales Force Assistant provided by NI Consulting CO.,Ltd. contains a cross-site scripting vulnerability CWE-79. Masanobu Miyagi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may...

5.4CVSS6AI score0.00849EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/04/28 3:21 a.m.•2 views

Directory Permission Vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer

Overview A directory permission vulnerability was found in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official...

6.7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/04/08 7:12 a.m.•2 views

Multiple vulnerabilities in EasyBlocks IPv6

Overview EasyBlocks IPv6 provided by Plat'Home Co., Ltd. contains multiple vulnerabilities listed below. Cross site request forgeryCWE-352 - CVE-2020-5549 Session fixation CWE-384 - CVE-2020-5550 Hideki SAKAMOTO of Tsukuba Secure Network Research reported this vulnerability to IPA. JPCERT/CC...

8.8CVSS6.7AI score0.0186EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/03/31 4:37 a.m.•2 views

Denial-of-service (DoS) vulnerability in Mitsubishi Electric MELSOFT transmission port

Overview MELSOFT transmission port UDP/IP of MELSEC iQ-R, iQ-F, Q, L, and F series provided by Mitsubishi Electric Coporation contains an uncontrolled resource consumption issue CWE-400. When MELSOFT transmission port receives massive amount of data, resource consumption occurs and the port does...

7.5CVSS6.8AI score0.01331EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/03/24 9:5 a.m.•2 views

mailform vulnerable to cross-site scripting

Overview mailform provided by keitai-site.net is a PHP script providing mail form functions to a website. mailform contains a stored cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 16, 2020, it...

6.1CVSS6AI score0.00773EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/02/25 6:29 a.m.•2 views

Privilege escalation vulnerability in multiple RICOH printer drivers

Overview Multiple RICOH printer drivers contain a privilege escalation vulnerability. RICOH COMPANY, LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Name of company/Organization coordinated under the Information Security Early Warning...

7.8CVSS6.8AI score0.04566EPSS
Exploits8References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/02/25 5:6 a.m.•2 views

Cross-site Request Forgery Vulnerability in RICOH printers

Overview Multiple RICOH printers contain Cross-site Request Forgery CWE-352. RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership. Impact If a user...

8.8CVSS6.6AI score0.00714EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/02/19 5:39 a.m.•2 views

Multiple OS command injection vulnerabilities in Aterm WF1200C, Aterm WG1200CR, and Aterm WG2600HS

Overview Aterm WF1200C, Aterm WG1200CR, and Aterm WG2600HS provided by NEC Corporation contain multiple OS command injection vulnerabilities listed below. OS command injection vulnerability in UPnP function CWE-78 - CVE-2020-5524 OS command injection vulnerability in management screen CWE-78 -...

8.8CVSS7.7AI score0.01019EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/02/14 4:39 a.m.•2 views

Multiple Trend Micro products vulnerable to denial-of-service (DoS)

Overview Premium Security 2019 for Windows, Maximum Security 2019 for Windows, Internet Security 2019 for Windows, and Antivirus+ Security 2019 for Windows provided by Trend Micro Incorporated contain a denial-of-service DoS vulnerability CWE-400. BlackWingCat of Pink Flying Whale reported this...

6.2CVSS6.5AI score0.00365EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/02/05 4:51 a.m.•2 views

Ghostscript access restriction bypass vulnerability

Overview Ghostscript provided by Artifex Software Inc. contains an access restriction bypass vulnerability CWE-284. Hiroki MATSUKUMA of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

8.8CVSS6.8AI score0.03434EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/01/17 6:8 a.m.•2 views

Trend Micro Password Manager vulnerable to information disclosure

Overview Password Manager provided by Trend Micro Incorporated generates a key pair and a root certificate on product installation. The generated private key is not properly protected and any non-administrative user can retrieve the private key CWE-200. Note that this vulnerability is different...

5.5CVSS6.5AI score0.00472EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/01/17 6:1 a.m.•2 views

Trend Micro Password Manager vulnerable to information disclosure

Overview Password Manager provided by Trend Micro Incorporated contains an information disclosure vulnerability CWE-200. Under certain conditions, the information ID, password etc. managed by Password Manager are kept on the memory in plaintext. They may be retrieved when the memory scan is done...

5.6CVSS6.2AI score0.00976EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/12/24 7:1 a.m.•2 views

DoS Vulnerability in Hitachi Compute Systems Manager

Overview A DoS vulnerability was found in Hitachi Compute Systems Manager. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/12/17 4:55 a.m.•2 views

Multiple vulnerabilities in Cybozu Office

Overview Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Directory traversal in the "Customapp" function CWE-22 - CVE-2019-6022 Browse restriction bypass in the application "Address" CWE-284 - CVE-2019-6023 Two vulnerabilities were reported by the following...

7.7CVSS7AI score0.02021EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/11/27 1:31 a.m.•2 views

STAMP Workbench installer may insecurely load Dynamic Link Libraries

Overview STAMP Workbench is a modeling tool for STAMP provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA. It is distirbuted as a ZIP archive or an Windows executable installer. The Windows executable installer contains an issue with the DLL search path, which may lead to insecurely...

7.8CVSS6.9AI score0.00755EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/10/15 3:39 a.m.•2 views

NetCommons3 vulnerable to cross-site scripting

Overview NetCommons3 provided by The NetCommons Project contains a cross-site scripting vulnerability CWE-79. Toshiki Sasazaki of Waseda University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrar...

6.1CVSS6AI score0.00781EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/10/02 1:59 a.m.•2 views

FON routers may behave as an open resolver

Overview FON routers contain an issue where they may behave as open resolvers. A device that behaves as a DNS resolver for recursive DNS queries from anyone on the internet is called "Open Resolver". FON routers contain an issue where they may behave as open resolvers. Hideyoshi Okazaki of ARTERI...

7.8CVSS6.6AI score0.01608EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/09/13 5:29 a.m.•2 views

Multiple buffer overflow vulnerabilities in multiple Ricoh printers and Multifunction Printers (MFPs)

Overview Multiple printers and Multifunction Printers MFPs provided by RICOH COMPANY, LTD. contain multiple buffer overflows vulnerabilities listed below. Buffer overflow in parsing HTTP cookie header CWE-119 - CVE-2019-14300 Buffer overflow in parsing HTTP parameter setting for Wifi, mDNS, POP3,...

9.8CVSS7.9AI score0.0312EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/07/31 6:29 a.m.•2 views

Central Dogma vulnerable to cross-site scripting

Overview Central Dogma provided by LINE Corporation contains a cross-site scripting vulnerability CWE-79. LINE Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and LINE Corporation coordinated under the Information Security Early Warning...

6.1CVSS6.1AI score0.0115EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/07/01 5:31 a.m.•2 views

The management console of iDoors Reader vulnerable to authentication bypass

Overview The management console of iDoors Reader provided by A.T.WORKS, Inc. contains an authentication bypass vulnerability CWE-288. Yusuke Nakano of Secure Cycle Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnershi...

8.8CVSS6.8AI score0.00716EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/06/12 5:21 a.m.•2 views

WordPress Plugin "Contest Gallery" vulnerable to cross-site request forgery

Overview WordPress Plugin "Contest Gallery" provided by Contest-Gallery contains a cross-site request forgery vulnerability CWE-352. Okazawa Yoshihiro of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University directly reported this vulnerability to...

8.8CVSS6.5AI score0.01036EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/06/10 6:33 a.m.•2 views

Multiple vulnerabilities in WordPress Plugin "Online Lesson Booking"

Overview WordPress Plugin "Online Lesson Booking" provided by SUKIMALAB.COM contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2019-5972 Cross-site request forgery vulnerability CWE-352 - CVE-2019-5973 Natsumi Matsuoka of Cryptography...

8.8CVSS6.2AI score0.01596EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/06/10 6:31 a.m.•2 views

Multiple vulnerabilities in WordPress Plugin "Attendance Manager"

Overview WordPress Plugin "Attendance Manager" provided by SUKIMALAB.COM contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2019-5970 Cross-site request forgery vulnerability CWE-352 - CVE-2019-5971 Natsumi Matsuoka of Cryptography...

8.8CVSS6.2AI score0.01596EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/06/07 6:9 a.m.•2 views

Joruri CMS 2017 vulnerable to cross-site scripting

Overview Joruri CMS 2017 provided by SiteBridge Inc. contains a cross-site scripting vulnerability CWE-79. Yuji Tounai of Mercari, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may...

6.1CVSS6.1AI score0.0104EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/06/07 6:3 a.m.•2 views

Multiple vulnerabilities in Joruri Mail

Overview Joruri Mail provided by SiteBridge Inc. contains multiple vulnerabilities listed below. Open Redirect CWE-601 - CVE-2019-5965 Session Management CWE-639 - CVE-2019-5966 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...

6.1CVSS6.7AI score0.01133EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/05/24 6:13 a.m.•2 views

Android App "Tootdon for Mastodon" fails to verify SSL server certificates

Overview Android App "Tootdon for Mastodon" provided by Tsukurito, Inc. fails to verify SSL server certificates CWE-295. Gomasy reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may...

7.4CVSS6.5AI score0.00643EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/05/10 5:55 a.m.•2 views

Electronic reception and examination of application for radio licenses Offline may insecurely load Dynamic Link Libraries

Overview Electronic reception and examination of application for radio licenses Offline contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privileges of the running software. Solution Upda...

7.8CVSS6.9AI score0.00944EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/05/10 5:49 a.m.•2 views

Installer of Electronic reception and examination of application for radio licenses Online may insecurely load Dynamic Link Libraries

Overview Installer of Electronic reception and examination of application for radio licenses Online contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the...

7.8CVSS7.1AI score0.00944EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/05/10 4:55 a.m.•2 views

CREATE SD official App for Android fails to restrict access permissions

Overview CREATE SD official App for Android provided by CREATE SD CO., LTD. implements the function to access a requested URL using an Intent. This function contains an improper access control vulnerability CWE-284 that may allow the vulnerable App to receive an Intent from an arbitrary App and t...

5.8CVSS6.8AI score0.01133EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/04/02 5:18 a.m.•2 views

The installer of Microsoft Teams may insecurely load Dynamic Link Libraries

Overview The installer of Microsoft Teams contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Microsoft states that the root cause of this vulnerability is "Application Directory App Dir DLL planting", thus there is no plan to release a...

7.8CVSS7AI score0.04605EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/03/27 5:41 a.m.•2 views

PowerAct Pro Master Agent for Windows fails to restrict acess permissions

Overview PowerAct Pro Master Agent for Windows provided by OMRON SOCIAL SOLUTIONS Co.,Ltd. fails to restrict access permissions. Hosono, Akane reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A user with an...

6.5CVSS6.7AI score0.01336EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/03/12 5:28 a.m.•2 views

iChain Insurance Wallet App for iOS vulnerable to directory traversal

Overview iChain Insurance Wallet App for iOS provided by iChain, Inc. uses the old version of cordova-plugin-ionic-webview, and inherits a directory traversal vulnerability CWE-22, CVE-2018-16202. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/C...

8.6CVSS6.7AI score0.03305EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/02/28 6:57 a.m.•2 views

WordPress plugin "Smart Forms" vulnerable to cross-site request forgery

Overview The WordPress plugin "Smart Forms" provided by RedNao contains a cross-site request forgery vulnerability CWE-352. Masaki Saito of TDU Cryptography Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...

8.8CVSS6.6AI score0.0116EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/02/05 5:9 a.m.•2 views

POWER EGG vulnerability where EL expression may be executed

Overview POWER EGG provided by D-CIRCLE inc. is an integrated collaboration tool. POWER EGG contains a vulnerability where an arbitray EL expression may be executed CWE-20. Touma Hatano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

9.8CVSS7.1AI score0.01479EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/01/24 6:37 a.m.•2 views

HOUSE GATE App for iOS vulnerable to directory traversal

Overview HOUSE GATE App for iOS provided by HOUSE GATE inc. uses the old version of cordova-plugin-ionic-webview, and inherits a directory traversal vulnerability CWE-22, CVE-2018-16202. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC...

8.6CVSS6.8AI score0.03305EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/01/10 6:45 a.m.•2 views

WordPress plugin "spam-byebye" vulnerable to cross-site scripting

Overview The WordPress plugin "spam-byebye" contains a reflected cross-site scripting vulnerability CWE-79 qw3rTyTy reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the...

6.1CVSS5.9AI score0.00952EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/26 3:9 a.m.•2 views

Clickjacking Vulnerability in Hitachi Automation Director

Overview A Clickjacking Vulnerability was found in Hitachi Automation Director. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

4.3CVSS6.7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/25 7:18 a.m.•2 views

Installer of Mapping Tool may insecurely load Dynamic Link Libraries

Overview Installer of Mapping Tool provided by Japan Atomic Energy Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Takashi Sugawara reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informatio...

7.8CVSS7AI score0.00985EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/10 5:26 a.m.•2 views

Multiple vulnerabilities in Cybozu Remote Service

Overview Cybozu Remote Service provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Upload of arbitrary files in logo setting screen CWE-434 - CVE-2018-16169 Directory traversal in used device management screen CWE-22 - CVE-2018-16170 Directory traversal in client certificates...

8.8CVSS7.2AI score0.01857EPSS
Exploits0References17
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/04 7:53 a.m.•2 views

Problem with directory permissions in JP1/Operations Analytics

Overview A problem with directory permissions was found in JP1/Operations Analytics. Impact Regarding the impact of the vulnarability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

5.6CVSS6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/12/04 7:53 a.m.•2 views

Multiple Vulnerabilities in Hitachi Infrastructure Analytics Advisor

Overview Multiple vulnerabilities have been found in Hitachi Infrastructure Analytics Advisor. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate acti...

4.9CVSS7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/29 5:45 a.m.•2 views

Panasonic applications register unquoted service paths

Overview Some pre-installed applications on Panasonic PCs register Windows services with unquoted file paths CWE-428. Panasonic Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Panasonic Corporation coordinated under the Information...

8.4CVSS6.5AI score0.01329EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/27 6:26 a.m.•2 views

Multiple vulnerabilities in RICOH Interactive Whiteboard

Overview RICOH Interactive Whiteboard provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below. Command injection CWE-94 - CVE-2018-16184 Missing file signature - CVE-2018-16185 Hard-coded credentials for the administrator settings screen - CVE-2018-16186 The server...

10CVSS8.3AI score0.04317EPSS
Exploits0References15
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/14 6:38 a.m.•2 views

Multiple directory traversal vulnerabilities in Cybozu Office

Overview Cybozu Office provided by Cybozu, Inc. contains multiple directory traversal vulnerabilities below. Directory traversal vulnerability due to a flaw in processing parameter of the HTTP request CWE-22 - CVE-2018-0703 Directory traversal vulnerability due to a flaw in processing parameter...

8.6CVSS7AI score0.01947EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/14 6:34 a.m.•2 views

Cybozu Mailwise vulnerable to directory traversal

Overview Cybozu Mailwise provided by Cybozu, Inc. contains a directory traversal vulnerability CWE-22 due to a flaw in processing parameter of the HTTP request. Yuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of it...

8.6CVSS6.8AI score0.01947EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/11/02 5:56 a.m.•2 views

WordPress plugin "Event Calendar WD" vulnerable to cross-site scripting

Overview The WordPress plugin "Event Calendar WD" provided by Web-Dorado contains a stored cross-site scripting vulnerability CWE-79. Yuta Kitaoka of TokyoDenkiUniversity Cryptography Lab reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

5.4CVSS5.9AI score0.01204EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/10/23 6:15 a.m.•2 views

Multiple Vulnerabilities in Hitachi Infrastructure Analytics Advisor

Overview Multiple vulnerabilities have been found in Hitachi Infrastructure Analytics Advisor. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate acti...

9.8CVSS7AI score0.04767EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/10/19 5:45 a.m.•2 views

Web Isolation vulnerable to cross-site scripting

Overview Web Isolation provided by Symantec Corporation contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update the software to the latest version according to the information provide...

6.1CVSS6AI score0.00999EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/08/22 8:11 a.m.•2 views

Path Traversal Vulnerability in Hitachi Automation Director

Overview A Path Traversal Vulnerability was found in Hitachi Automation Director. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

7.1CVSS6.7AI score
Exploits0References2
Total number of security vulnerabilities5000