Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/29 12:0 a.m.•22 views

JVN#78084105: OpenPNE plugin "opTimelinePlugin" vulnerable to cross-site scripting

OpenPNE plugin "opTimelinePlugin" provided by OpenPNE Project contains a stored cross-site scripting vulnerability CWE-79 in Edit Profile page. Impact On the site which uses the affected product, when a user configures the profile with some malicious contents, an arbitrary script may be executed ...

5.4CVSS5.6AI score0.0034EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/29 12:0 a.m.•25 views

JVN#35928117: Protection mechanism failure in RevoWorks

RevoWorks SCVX and RevoWorks Browser provided by J's Communication Co., Ltd. enable users to execute web browsers in the sandboxed environment isolated from the client's local environment. In the products, file exchange between the sandboxed environment and local environment is prohibited in...

9.1CVSS9.2AI score0.00485EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/29 12:0 a.m.•41 views

JVN#77203800: OET-213H-BTS1 missing authorization check in the initial configuration

OET-213H-BTS1 is a digital temperature measurement and face recognition terminal, developed by Zhejiang Uniview Technologies Co.,Ltd and provided by Atsumi Electric Co., Ltd. The initial configuration of the product is ​insecure CWE-1188, it does not perform an authorization check when processing...

8.3CVSS6.1AI score0.00333EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/27 5:25 a.m.•2 views

Multiple vulnerabilities in baserCMS

Overview baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. Reflected cross-site scripting vulnerability in Site search Feature CWE-79 - CVE-2023-44379 Stored cross-site scripting vulnerability in Content Management CWE-79 - CVE-2024-26128 OS command...

8.1CVSS6.7AI score0.01455EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/27 12:0 a.m.•34 views

JVN#73283159: Multiple vulnerabilities in baserCMS

baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. Reflected cross-site scripting vulnerability in Site search Feature CWE-79 - CVE-2023-44379 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS...

8.1CVSS6.4AI score0.01455EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/21 11:15 p.m.•4 views

ELECOM wireless LAN routers vulnerable to OS command injection

Overview Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain an OS command injection vulnerability. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact If a logged-in user with an administrative privilege sends a...

6.8CVSS7.4AI score0.00838EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/21 6:53 a.m.•3 views

EL Injection Vulnerability in Hitachi Global Link Manager

Overview An EL Injection Vulnerability CVE-2024-0715 exists in Hitachi Global Link Manager. Affected products and versions are listed below. Please upgrade your version to the appropriate version. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Plea...

9.8CVSS7AI score0.00457EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/20 5:14 a.m.•2 views

Multiple vulnerabilities in ELECOM wireless LAN routers and wireless LAN repeater

Overview Multiple wireless LAN routers and wireless LAN repeater provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2024-21798 Cross-Site Request Forgery CWE-352 - CVE-2024-23910 CVE-2024-21798 Yamaguchi Kakeru of Fujitsu Limited reported...

8.8CVSS6.4AI score0.01289EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/20 12:0 a.m.•48 views

JVN#44166658: Multiple vulnerabilities in ELECOM wireless LAN routers and wireless LAN repeater

Multiple wireless LAN routers and wireless LAN repeater provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2024-21798 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.8 CVSS v2|...

8.8CVSS9.1AI score0.01289EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/15 6:26 a.m.•3 views

Android App "Mopria Print Service" vulnerable to improper intent handling

Overview Android app "Mopria Print Service" provided by Mopria Alliance is vulnerable to improper intent handling CWE-668. Johan Francsics reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact When a malicious app is installed on the victim user's Android...

5.5CVSS6.5AI score
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/15 5:12 a.m.•2 views

a-blog cms vulnerable to URL spoofing

Overview a-blog cms provided by appleple Inc. is a content management system CMS. a-blog cms contains an URL spoofing vulnerability CWE-451. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

4.7CVSS6.6AI score0.00448EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/15 12:0 a.m.•28 views

JVN#48966481: a-blog cms vulnerable to URL spoofing

a-blog cms provided by appleple Inc. is a content management system CMS. a-blog cms contains an URL spoofing vulnerability CWE-451. Impact If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the...

4.7CVSS6.2AI score0.00448EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/07 6:39 a.m.•3 views

Multiple out-of-bounds write vulnerabilities in Canon Office/Small Office Multifunction Printers and Laser Printers

Overview Office/Small Office Multifunction Printers and Laser Printers provided by Canon Inc. contain multiple out-of-bounds write vulnerabilities CWE-787, CVE-2023-6229, CVE-2023-6230, CVE-2023-6231, CVE-2023-6232, CVE-2023-6233, CVE-2023-6234, CVE-2024-0244. Canon Inc. reported these...

9.8CVSS7.8AI score0.01457EPSS
Exploits0References19
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/07 5:25 a.m.•2 views

Sharp NEC Display Solutions' public displays vulnerable to local file inclusion

Overview Multiple public displays provided by Sharp NEC Display Solutions, Ltd. contain a local file inclusion vulnerability CWE-22, CVE-2023-7077. Tunahan TEKEOÄžLU of Senior Cyber Security Consultant reported this vulnerability to Sharp NEC Display Solutions, Ltd. and coordinated. Sharp NEC...

9.8CVSS6.9AI score0.00694EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/07 4:38 a.m.•3 views

Zeroshell vulnerable to OS command injection

Overview The web interface of Zeroshell, Linux distribution provided by Zeroshell.org, contains an OS command injection vulnerability CWE-78. Hirukawa Norihiko of MYT Consulting Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

10CVSS7.7AI score0.36672EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/07 12:0 a.m.•31 views

JVN#44033918: Zeroshell vulnerable to OS command injection

The web interface of Zeroshell, Linux distribution provided by Zeroshell.org, contains an OS command injection vulnerability CWE-78. Impact Processing a crafted HTTP request may lead to an arbitrary OS command execution. Solution Stop using the product The developer states that the affected produ...

10CVSS9.5AI score0.36672EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/06 6:2 a.m.•3 views

Multiple buffer overflow vulnerabilities in HOME SPOT CUBE2

Overview HOME SPOT CUBE2 provided by KDDI CORPORATION contains multiple vulnerabilities listed below. Stack-based buffer overflow CWE-121 - CVE-2024-21780 Heap-based buffer overflow CWE-122 - CVE-2024-23978 Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC. JPCERT/CC...

9.8CVSS7.8AI score0.0065EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/06 5:46 a.m.•2 views

Incorrect permission assignment vulnerability in Trend Micro uiAirSupport

Overview Trend Micro Incorporated has released a security update for Trend Micro uiAirSupport. Proof-of-concept code PoC for this vulnerability is available on the Internet. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact The...

7.8CVSS7.5AI score0.00636EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/06 4:25 a.m.•2 views

Cybozu KUNAI for Android vulnerable to denial-of-service (DoS)

Overview Cybozu KUNAI for Android is a client application for using Cybozu products from an Android device. Cybozu KUNAI for Android contains an issue allowing to send massive requests to the connected Cybozu product if a user performs certain operations on KUNAI, which may result in repeated...

7.5CVSS6.5AI score0.00754EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/06 12:0 a.m.•36 views

JVN#18743512: Cybozu KUNAI for Android vulnerable to denial-of-service (DoS)

Cybozu KUNAI for Android is a client application for using Cybozu products from an Android device. Cybozu KUNAI for Android contains an issue allowing to send massive requests to the connected Cybozu product if a user performs certain operations on KUNAI, which may result in repeated session...

7.5CVSS7.4AI score0.00754EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/05 5:54 a.m.•2 views

File and Directory Permissions Vulnerability in Hitachi Tuning Manager

Overview A File and Directory Permissions Vulnerability CVE-2023-6457 exists in Hitachi Tuning Manager. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...

7.1CVSS6.8AI score0.00141EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/01 4:48 a.m.•2 views

Group Office vulnerable to cross-site scripting

Overview Group Office provided by Intermesh BV contains a stored cross-site scripting vulnerability CWE-79. Yoichi Tsuzuki of FFRI Security, Inc. and Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

5.4CVSS5.9AI score0.00618EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/01 4:41 a.m.•2 views

Payment EX vulnerable to information disclosure

Overview Payment EX provided by Simplesite contains an information disclosure vulnerability CWE-200. Impact A remote unauthenticated attacker may obtain the information of the user who purchases merchandise using Payment EX. Solution Update the Software Update the software to the latest version...

7.5CVSS6.5AI score0.00571EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/01 12:0 a.m.•20 views

JVN#41129639: Payment EX vulnerable to information disclosure

Payment EX provided by Simplesite contains an information disclosure vulnerability CWE-200. Impact A remote unauthenticated attacker may obtain the information of the user who purchases merchandise using Payment EX. Solution Update the Software Update the software to the latest version according ...

7.5CVSS6.4AI score0.00571EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/01 12:0 a.m.•17 views

JVN#63567545: Group Office vulnerable to cross-site scripting

Group Office provided by Intermesh BV contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is logging in to the product. Solution Update the Application Update the application to the latest version according to...

5.4CVSS5.2AI score0.00618EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/31 7:1 a.m.•3 views

Multiple vulnerabilities in SHARP Energy Management Controller with Cloud Services

Overview Energy Management Controller with Cloud Services provided by SHARP CORPORATION contains multiple vulnerabilities listed below. Improper authentication CWE-287 - CVE-2024-23783 Improper access control CWE-284 - CVE-2024-23784 Cross-site request forgery CWE-352 - CVE-2024-23785 Stored...

9.8CVSS7.5AI score0.01176EPSS
Exploits0References16
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/31 6:25 a.m.•1 views

File and Directory Permissions Vulnerability in Hitachi Storage Plug-in for VMware vCenter

Overview A File and Directory Permissions Vulnerability exists in Hitachi Storage Plug-in for VMware vCenter. Affected products and versions are listed below. Please upgrade your version to the appropriate version. Impact Regarding the impact of the vulnerability, please refer to the vendor...

7.9CVSS6.8AI score0.00142EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/24 8:16 a.m.•4 views

ELECOM wireless LAN routers vulnerable to OS command injection

Overview Multiple ELECOM wireless LAN routers provided by ELECOM CO.,LTD. contain an OS command injection vulnerability. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact If a logged-in user with an administrative privilege...

6.8CVSS7.4AI score0.00829EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/24 8:16 a.m.•4 views

Yamaha wireless LAN access point devices vulnerable to active debug code

Overview Active debug code CWE-489 exists in wireless LAN access point devices provided by Yamaha Corporation. The debug function can be enabled by performing specific operations. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer...

6.8CVSS7AI score0.00321EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/24 4:53 a.m.•5 views

Oracle WebLogic Server vulnerable to HTTP header injection

Overview Oracle WebLogic Server provided by Oracle contains an HTTP header injection vulnerability CWE-113. Professional Service Department of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warnin...

8.6CVSS6.5AI score0.00503EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/24 4:46 a.m.•6 views

"Mercari" App for Android fails to restrict custom URL schemes properly

Overview "Mercari" App for Android by Mercari, Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Shiga Takuma of BroadBand Security Inc...

6.1CVSS6.7AI score0.00385EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/24 12:0 a.m.•38 views

JVN#70818619: "Mercari" App for Android fails to restrict custom URL schemes properly

"Mercari" App for Android by Mercari, Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to access an...

6.1CVSS6.2AI score0.00385EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/24 12:0 a.m.•51 views

JVN#93541851: Oracle WebLogic Server vulnerable to HTTP header injection

Oracle WebLogic Server provided by Oracle contains an HTTP header injection vulnerability CWE-113. Impact This vulnerability could be exploited by a remote attacker to conduct a cross-site scripting attack, etc., and as a result, the displayed page may be altered or an arbitrary script may be...

8.6CVSS8.2AI score0.00503EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/23 7:57 a.m.•3 views

Improper restriction of XML external entity references (XXE) in MLIT "Electronic Delivery Check System" and "Electronic delivery item Inspection Support System"

Overview "Electronic Delivery Check System" and "Electronic delivery item Inspection Support System" provided by Ministry of Land, Infrastructure, Transport and Tourism, Japan improperly restricts XML external entity references XXE CWE-611. Toyama Taku, Iwakawa Kento of NEC Corporation, and Manam...

5.5CVSS6.6AI score0.00233EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/23 7:53 a.m.•3 views

Android App "Spoon" uses a hard-coded API key for an external service

Overview Android App "Spoon" provided by Spoon Radio Japan Inc. uses a hard-coded API key for an external service CWE-798. Yoshihito Sakai of BroadBand Security, Inc reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

5.5CVSS6.6AI score0.00163EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/23 6:25 a.m.•1 views

Improper restriction of XML external entity references (XXE) in "Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version)"

Overview "Electronic Delivery Check System Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version" provided by Ministry of Agriculture, Forestry and Fisheries improperly restricts XML external entity references XXE CWE-611. Iwakawa Kento and Toyama...

5.5CVSS6.6AI score0.00214EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/23 6:13 a.m.•3 views

Improper restriction of XML external entity references (XXE) in Electronic Deliverables Creation Support Tool provided by Ministry of Defense

Overview Electronic Deliverables Creation Support Tool provided by Ministry of Defense improperly restricts XML external entity references XXE CWE-611. Toyama Taku of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

5.5CVSS6.6AI score0.00195EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/23 12:0 a.m.•32 views

JVN#96154238: Android App "Spoon" uses a hard-coded API key for an external service

Android App "Spoon" provided by Spoon Radio Japan Inc. uses a hard-coded API key for an external service CWE-798. Impact The hard-coded API key may be retrieved when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service. Note that t...

5.5CVSS5.3AI score0.00163EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/23 12:0 a.m.•24 views

JVN#77736613: Improper restriction of XML external entity references (XXE) in MLIT "Electronic Delivery Check System" and "Electronic delivery item Inspection Support System"

"Electronic Delivery Check System" and "Electronic delivery item Inspection Support System" provided by Ministry of Land, Infrastructure, Transport and Tourism, Japan improperly restricts XML external entity references XXE CWE-611. Impact Processing a specially crafted XML file may lead to exposu...

5.5CVSS5.4AI score0.00233EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/23 12:0 a.m.•26 views

JVN#01434915: Improper restriction of XML external entity references (XXE) in "Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version)"

"Electronic Delivery Check System Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version" provided by Ministry of Agriculture, Forestry and Fisheries improperly restricts XML external entity references XXE CWE-611. Impact Processing a specially craft...

5.5CVSS5.3AI score0.00214EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/23 12:0 a.m.•22 views

JVN#40049211: Improper restriction of XML external entity references (XXE) in Electronic Deliverables Creation Support Tool provided by Ministry of Defense

Electronic Deliverables Creation Support Tool provided by Ministry of Defense improperly restricts XML external entity references XXE CWE-611. Impact Processing a specially crafted XML file may lead to exposure of internal files on the system. Solution Update the Software Update the software to t...

5.5CVSS5.3AI score0.00195EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/22 6:57 a.m.•2 views

Access analysis CGI An-Analyzer vulnerable to open redirect

Overview Access analysis CGI An-Analyzer provided by ANGLERSNET Co,.Ltd. contains an open redirect vulnerability CWE-601. Tomoomi Iwata of Information-technology Promotion Agency, Japan reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

6.1CVSS6.6AI score0.00395EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/22 6:8 a.m.•4 views

Multiple vulnerabilities in a-blog cms

Overview a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Improper input validation CWE-20 - CVE-2024-23180 Cross-site scripting CWE-79 - CVE-2024-23181 Relative path traversal CWE-23 - CVE-2024-23182 Cross-site scripting CWE-79 - CVE-2024-23183 Improper input...

8.8CVSS7.2AI score0.00918EPSS
Exploits0References17
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/22 12:0 a.m.•33 views

JVN#73587943: Access analysis CGI An-Analyzer vulnerable to open redirect

Access analysis CGI An-Analyzer provided by ANGLERSNET Co,.Ltd. contains an open redirect vulnerability CWE-601. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Apply the...

6.1CVSS6.2AI score0.00395EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/22 12:0 a.m.•68 views

JVN#34565930: Multiple vulnerabilities in a-blog cms

a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Improper input validation CWE-20 - CVE-2024-23180 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N| Base Score: 3.5 CVSS v2| AV:N/AC:M/Au:S/C:N/I:P/A:N| Base Score: 3.5...

8.8CVSS7.2AI score0.00918EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/19 3:30 a.m.•3 views

FusionPBX vulnerable to cross-site scripting

Overview FusionPBX contains a stored cross-site scripting vulnerability CWE-79. Satoshi Horikoshi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the web browser of the...

4.8CVSS5.8AI score0.00458EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/19 12:0 a.m.•26 views

JVN#67215338: FusionPBX vulnerable to cross-site scripting

FusionPBX contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is logging in to the product. Solution Update the software Update the software to the latest version according to the information provided by the...

4.8CVSS4.8AI score0.00458EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/18 4:43 a.m.•1 views

Multiple Dahua Technology products vulnerable to authentication bypass

Overview Multiple products provided by Dahua Technology contain an authentication bypass vulnerability CWE-287. Mitsui Bussan Secure Directions, Inc. reported the vulnerability existed in "DHI-ASI7213Y-V3-T1" to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warnin...

10CVSS6.8AI score0.99871EPSS
Exploits12References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/18 12:0 a.m.•126 views

JVN#83655695: Multiple Dahua Technology products vulnerable to authentication bypass

Multiple products provided by Dahua Technology contain an authentication bypass vulnerability CWE-287. Impact The product's identity verification may be bypassed if a remote attacker sends specially crafted data packets. Solution Update the software Update the software to the latest version...

10CVSS9.4AI score0.99871EPSS
Exploits12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/16 4:41 a.m.•3 views

Drupal vulnerable to improper handling of structural elements

Overview Drupal provided by Drupal.org contains an improper handling of structural elements vulnerability CWE-237. Shiga Takuma of BroadBand Security Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

7.5CVSS6.5AI score0.00791EPSS
Exploits0References7
Total number of security vulnerabilities5625