Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/16 12:0 a.m.•45 views

JVN#63383723: Drupal vulnerable to improper handling of structural elements

Drupal provided by Drupal.org contains an improper handling of structural elements vulnerability CWE-237. Impact An attacker may be able to cause a denial-of-service DoS condition. Solution Update the Software Update the software to the latest version 10 series according to the information provid...

7.5CVSS7.2AI score0.00791EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/15 6:59 a.m.•4 views

Pleasanter vulnerable to cross-site scripting

Overview Pleasanter provided by Implem Inc. contains a cross-site scripting vulnerability CWE-79. Masamitsu Kushi of Operation Group, Communication Technology Department, Digital Innovation HQ at Mitsubishi Heavy Industries, Ltd. reported this vulnerability to Implem Inc. and coordinated. After t...

6.1CVSS6AI score0.00355EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/15 6:19 a.m.•3 views

Thermal camera TMC series vulnerable to insufficient technical documentation

Overview Thermal camera TMC series provided by THREE R SOLUTION CORP. JAPAN are vulnerable to insufficient technical documentation CWE-1059. The related documentation does not describe the existence of the network interface, nor the internal storage for pictures and measurement data. Hiroyuki...

4.6CVSS6.5AI score0.00238EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/15 12:0 a.m.•28 views

JVN#96240417: Thermal camera TMC series vulnerable to insufficient technical documentation

Thermal camera TMC series provided by THREE R SOLUTION CORP. JAPAN are vulnerable to insufficient technical documentation CWE-1059. The related documentation does not describe the existence of the network interface, nor the internal storage for pictures and measurement data. Impact The user of th...

4.6CVSS4.6AI score0.00238EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/15 12:0 a.m.•18 views

JVN#51135247: Pleasanter vulnerable to cross-site scripting

Pleasanter provided by Implem Inc. contains a cross-site scripting vulnerability CWE-79. Impact If an attacker tricks the user to access the product with a specially crafted URL and perform a specific operation, an arbitrary script may be executed on the web browser of the user. Solution Update t...

6.1CVSS5.9AI score0.00355EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/12 4:51 a.m.•1 views

Improper input validation vulnerability in WordPress Plugin "WordPress Quiz Maker Plugin"

Overview WordPress Plugin "WordPress Quiz Maker Plugin" provided by AYS Pro Plugins contains an improper input validation vulnerability CWE-20. Shogo Kumamaru of LAC CyberLink Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

6.5CVSS6.6AI score0.00726EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/12 12:0 a.m.•34 views

JVN#37326856: Improper input validation vulnerability in WordPress Plugin "WordPress Quiz Maker Plugin"

WordPress Plugin "WordPress Quiz Maker Plugin" provided by AYS Pro Plugins contains an improper input validation vulnerability CWE-20. Impact A user of the product may use the product to perform a Denial of Service DoS attack against external services. Solution Update the plugin Update the plugin...

6.5CVSS6.3AI score0.00726EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/10 4:57 a.m.•3 views

Multiple TP-Link products vulnerable to OS command injection

Overview Multiple products provided by TP-LINK contain multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2024-21773 OS command injection CWE-78 - CVE-2024-21821 OS command injection CWE-78 - CVE-2024-21833 Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to...

8.8CVSS7.9AI score0.01072EPSS
Exploits0References15
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/10 4:46 a.m.•2 views

Multiple vulnerabilities in Panasonic Control FPWIN Pro7

Overview Control FPWIN Pro7 provided by Panasonic contains multiple vulnerabilities listed below. Stack-based Buffer Overflow CWE-121 - CVE-2023-6314 Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-119 - CVE-2023-6315 Michael Heinzl reported these vulnerabilities to th...

7.8CVSS7.4AI score0.00274EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/12/26 7:46 a.m.•19 views

Multiple vulnerabilities in PowerCMS

Overview PowerCMS provided by Alfasado Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in the management screen CWE-79 - CVE-2023-49117 Open redirect vulnerability in the members' site CWE-601 - CVE-2023-50297 Alfasado Inc. reported these...

6.1CVSS5.9AI score0.00402EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/12/26 6:51 a.m.•2 views

Multiple vulnerabilities in BUFFALO VR-S1000

Overview VR-S1000 provided by BUFFALO INC. contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2023-45741 Argument injection CWE-88 - CVE-2023-46681 Use of hard-coded cryptographic key CWE-321 - CVE-2023-46711 Information disclosure CWE-200 - CVE-2023-51363...

7.8CVSS7.2AI score0.00329EPSS
Exploits0References14
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/12/26 12:27 a.m.•4 views

Brother iPrint&Scan Desktop for Windows vulnerable to improper link resolution before file access

Overview iPrint Desktop for Windows provided by Brother Industries, Ltd. outputs logs to a certain log file. The affected version of the product does not check whether the log file is a normal file or a symbolic link to a certain file CWE-59. Chris Au reported this vulnerability to Brother...

6.5CVSS6.5AI score0.00186EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/12/26 12:0 a.m.•31 views

JVN#32646742: Multiple vulnerabilities in PowerCMS

PowerCMS provided by Alfasado Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in the management screen CWE-79 - CVE-2023-49117 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...

6.1CVSS6AI score0.00402EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/12/26 12:0 a.m.•55 views

JVN#23771490: Multiple vulnerabilities in BUFFALO VR-S1000

VR-S1000 provided by BUFFALO INC. contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2023-45741 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score: 6.8 CVSS v2| AV:A/AC:L/Au:S/C:P/I:P/A:P| Base Score: 5.2 Argument...

7.8CVSS6.7AI score0.00329EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/12/15 6:17 a.m.•3 views

WordPress plugin "MW WP Form" vulnerable to arbitrary file upload

Overview WordPress plugin "MW WP Form" provided by Web Consultation Office Co., Ltd can create a mail form using shortcode. MW WP Form contains a vulnerability that may allow an attacker to upload arbitrary files CVE-2023-6316, CWE-434. Impact When the "Saving inquiry data in database" option in...

9.8CVSS7.7AI score0.01448EPSS
Exploits1References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/12/13 6:30 a.m.•4 views

Multiple vulnerabilities in GROWI

Overview GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in the presentation feature CWE-79 - CVE-2023-42436 Stored cross-site scripting vulnerability in the App Settings /admin/app page and the Markdown Settings...

6.5CVSS5.9AI score0.0045EPSS
Exploits0References31
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/12/13 6:6 a.m.•3 views

ELECOM wireless LAN routers vulnerable to OS command injection

Overview Multiple ELECOM wireless LAN routers provided by ELECOM CO.,LTD. contain an OS command injection vulnerability CWE-78. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact If a logged-in user with an administrative...

6.8CVSS7.5AI score0.00862EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/12/13 12:0 a.m.•23 views

JVN#18715935: Multiple vulnerabilities in GROWI

GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in the presentation feature CWE-79 - CVE-2023-42436 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...

6.5CVSS6AI score0.0045EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/12/11 5:12 a.m.•4 views

Multiple denial-of-service (DoS) vulnerabilities in JTEKT ELECTRONICS HMI GC-A2 series

Overview HMI GC-A2 series provided by JTEKT ELECTRONICS CORPORATION contains multiple denial-of-service DoS vulnerabilities listed below. Denial-of-service DoS vulnerability in FTP service CWE-400 - CVE-2023-41963 Denial-of-service DoS vulnerability in commplex-link service CWE-400 - CVE-2023-491...

7.8CVSS7AI score0.00981EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/12/11 12:0 a.m.•62 views

JVN#34145838: Multiple denial-of-service (DoS) vulnerabilities in JTEKT ELECTRONICS HMI GC-A2 series

HMI GC-A2 series provided by JTEKT ELECTRONICS CORPORATION contains multiple denial-of-service DoS vulnerabilities listed below. Denial-of-service DoS vulnerability in FTP service CWE-400 - CVE-2023-41963 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H|...

7.5CVSS7.9AI score0.00981EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/12/07 6:9 a.m.•2 views

FXC wireless LAN routers "AE1021PE" and "AE1021" vulnerable to OS command injection Critical

Overview "AE1021PE" and "AE1021" provided by FXC Inc. are information outlet-based wireless LAN routers. "AE1021PE" and "AE1021" contain an OS command injection vulnerability CWE-78. JPCERT/CC has confirmed the communication which exploits this vulnerability. Ryu Kuki, Takayuki Sasaki, and...

8.8CVSS7.7AI score0.50729EPSS
Exploits1References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/12/06 5:43 a.m.•4 views

OS command injection vulnerability in DT900

Overview DT900 contains an OS command injection vulnerability. reported by Mr. Gianluca Altomani. for NEC-PSIRT Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...

9.8CVSS7.5AI score0.01496EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/12/04 4:45 a.m.•2 views

RakRak Document Plus vulnerable to path traversal

Overview RakRak Document Plus provided by Sumitomo Electric Information Systems Co., Ltd. contains a path traversal vulnerability CWE-22. Asato Masamu of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

8.8CVSS6.7AI score0.00874EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/12/04 12:0 a.m.•32 views

JVN#46895889: RakRak Document Plus vulnerable to path traversal

RakRak Document Plus provided by Sumitomo Electric Information Systems Co., Ltd. contains a path traversal vulnerability CWE-22. Impact Arbitrary files on the server may be obtained or deleted by a user of the product with specific privileges. Solution Update the Software Update the software to t...

8.8CVSS8.7AI score0.00874EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/12/01 5:58 a.m.•3 views

Ruckus Access Point contains a cross-site scripting vulnerability.

Overview Ruckus Access Point provided by CommScope, Inc. contains a cross-site scripting vulnerability CWE-79. MUNEHIRO SHIRATANI of AGEST,Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...

6.1CVSS6AI score0.00414EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/12/01 12:0 a.m.•38 views

JVN#45891816: Ruckus Access Point vulnerable to cross-site scripting

Ruckus Access Point provided by CommScope, Inc. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is logging in the product. Solution Update the Software Update the software to the latest version according to the...

6.1CVSS6.1AI score0.00414EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/20 8:15 a.m.•3 views

Multiple vulnerabilities in LuxCal Web Calendar

Overview LuxCal Web Calendar provided by LuxSoft contains multiple vulnerabilities listed below. SQL injection CWE-89 - CVE-2023-46700 Cross-site scripting CWE-79 - CVE-2023-47175 Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated wit...

9.8CVSS7.7AI score0.0103EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/20 5:9 a.m.•4 views

Multiple vulnerabilities in EXPRESSCLUSTER X

Overview WebManager/Cluster WebUI of EXPRESSCLUSTER X provided by NEC Corporation contains multiple vulnerabilities listed below. Missing authorization CWE-862 - CVE-2023-39544 Files or directories accessible to external parties CWE-552 - CVE-2023-39545 Use of password hash instead of password fo...

8.8CVSS8.1AI score0.00743EPSS
Exploits0References17
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/20 12:0 a.m.•48 views

JVN#15005948: Multiple vulnerabilities in LuxCal Web Calendar

LuxCal Web Calendar provided by LuxSoft contains multiple vulnerabilities listed below. SQL injection CWE-89 - CVE-2023-46700 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L| Base Score: 7.3 CVSS v2| AV:N/AC:L/Au:N/C:P/I:P/A:P| Base Score: 7.5 Cross-site...

9.8CVSS8AI score0.0103EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/17 8:31 a.m.•3 views

Multiple vulnerabilities in First Corporation's DVRs

Overview DVRs provided by First Co., Ltd. contain multiple vulnerabilities listed below. Use of hard-coded password CWE-259 - CVE-2023-47213 Missing authentication for critical function CWE-306 - CVE-2023-47674 Yoshiki Mori of National Institute of Information and Communications Technology...

9.8CVSS7.3AI score0.01264EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/17 5:32 a.m.•2 views

Redmine vulnerable to cross-site scripting

Overview Redmine contains a cross-site scripting vulnerability CWE-79 due to improper character string processing. Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

6.1CVSS6AI score0.00397EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/17 5:22 a.m.•4 views

Multiple vulnerabilities in CubeCart

Overview CubeCart provided by CubeCart Limited contains multiple vulnerabilities listed below. Cross-site request forgery CWE-352 - CVE-2023-38130 Directory traversal CWE-22 - CVE-2023-42428 Directory traversal CWE-22 - CVE-2023-47283 OS command injection CWE-78 - CVE-2023-47675 Gen Sato of Mitsu...

9.1CVSS7.9AI score0.01286EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/17 12:0 a.m.•38 views

JVN#13618065: Redmine vulnerable to cross-site scripting

Redmine contains a cross-site scripting vulnerability CWE-79 due to improper character string processing. Impact An arbitrary script may be executed on the web browser of the user who is using the product. Solution Update the Software Update the software to the latest version according to the...

6.1CVSS6AI score0.00397EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/17 12:0 a.m.•50 views

JVN#22220399: Multiple vulnerabilities in CubeCart

CubeCart provided by CubeCart Limited contains multiple vulnerabilities listed below. Cross-site request forgery CWE-352 - CVE-2023-38130 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N| Base Score: 4.3 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N| Base Score: 2.6...

8.1CVSS7.3AI score0.01286EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/15 9:27 a.m.•5 views

Multiple vulnerabilities in ELECOM and LOGITEC routers

Overview Multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2023-43752 Inadequate Encryption Strength CWE-326 - CVE-2023-43757 CVE-2023-43752 Chuya Hayakawa of 00One, Inc. reported this vulnerabilit...

8CVSS7.5AI score0.00999EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/15 8:44 a.m.•4 views

ASUSTeK COMPUTER RT-AC87U vulnerable to improper access control

Overview RT-AC87U provided by ASUSTeK COMPUTER INC. contains an improper access control vulnerability CWE-284. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An attacker may read or write files that are not intended to be...

9.1CVSS6.8AI score0.00745EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/14 5:5 a.m.•2 views

OSS Calendar vulnerable to SQL injection

Overview OSS Calendar provided by Thinkingreed Inc. contains an SQL injection vulnerability CWE-89. Shogo Iyota of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

8.8CVSS8.1AI score0.01089EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/14 12:0 a.m.•26 views

JVN#67822421: OSS Calendar vulnerable to SQL injection

OSS Calendar provided by Thinkingreed Inc. contains an SQL injection vulnerability CWE-89. Impact A logged-in user may execute an arbitrary code or obtain and/or alter the information stored in the database by sending a specially crafted request. Solution Update the software Update the software...

8.8CVSS8.9AI score0.01089EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/13 8:28 a.m.•7 views

Multiple security updates for Trend Micro Apex One and Apex One as a Service (November 2023)

Overview Trend Micro Incorporated has released multiple security updates for Trend Micro Apex One and Apex One as a Service. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Privilege escalation due to a link following...

7.8CVSS6.8AI score0.00481EPSS
Exploits0References25
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/13 6:57 a.m.•4 views

Multiple vulnerabilities in Pleasanter

Overview Pleasanter provided by Implem Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2023-34439 Improper access control vulnerability CWE-284 - CVE-2023-45210 Open redirect vulnerability CWE-601 - CVE-2023-46688 Authentication bypass...

7.5CVSS6.2AI score0.00601EPSS
Exploits0References14
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/13 5:1 a.m.•3 views

Multiple vulnerabilities in Cisco Firepower Management Center Software

Overview Cisco Firepower Management Center Software provided by Cisco Systems contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2023-20219 Path traversal CWE-22 - CVE-2023-20220 Kentaro Kawane of LAC Co., Ltd. reported these vulnerabilitis to IPA. JPCERT/CC...

8.8CVSS7.7AI score0.01073EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/13 12:0 a.m.•52 views

JVN#17806703: Multiple vulnerabilities in Cisco Firepower Management Center Software

Cisco Firepower Management Center Software provided by Cisco Systems contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2023-20219 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score: 6.6 CVSS v2|...

8.8CVSS8.6AI score0.01073EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/13 12:0 a.m.•83 views

JVN#96209256: Multiple vulnerabilities in Pleasanter

Pleasanter provided by Implem Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2023-34439 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2| AV:N/AC:M/Au:S/C:N/I:P/A:N| Base...

7.5CVSS6.2AI score0.01042EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/10 5:41 a.m.•4 views

Remarshal unlimitedly expanding YAML alias nodes

Overview Remarshal provided by Remarshal Project expands YAML alias nodes unlimitedly CWE-674, hence Remarshal is vulnerable to Billion Laughs Attack. Taichi Kotake of Sterra Security Co.,Ltd. / Akatsuki Games Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

7.5CVSS6.6AI score0.00962EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/10 5:41 a.m.•3 views

HOTELDRUID vulnerable to cross-site scripting

Overview HOTELDRUID provided by DigitalDruid.Net contains a cross-site scripting vulnerability CWE-79. Tomoro Taniguchi of FiveDrive, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script...

6.1CVSS6AI score0.00705EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/10 12:0 a.m.•29 views

JVN#99177549: HOTELDRUID vulnerable to cross-site scripting

HOTELDRUID provided by DigitalDruid.Net contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is logging in to the product. Solution Update the software Update the software according to the information provided by the...

6.1CVSS6AI score0.00705EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/10 12:0 a.m.•37 views

JVN#86156389: Remarshal unlimitedly expanding YAML alias nodes

Remarshal provided by Remarshal Project expands YAML alias nodes unlimitedly CWE-674, hence Remarshal is vulnerable to Billion Laughs Attack. Impact Processing untrusted YAML files may cause a denial-of-service DoS condition. Solution Update the Software Update to the latest version according to...

7.5CVSS7.3AI score0.00962EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/07 4:47 a.m.•6 views

EC-CUBE 3 series and 4 series vulnerable to arbitrary code execution

Overview EC-CUBE 3 series and 4 series provided by EC-CUBE CO.,LTD. contain an arbitrary code execution vulnerability CWE-94 due to improper settings of the product's template engine "Twig". Takeshi Miura of N.F.Laboratories Inc. reported this vulnerability to EC-CUBE CO.,LTD. EC-CUBE CO.,LTD. In...

7.2CVSS7.6AI score0.01582EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/07 12:0 a.m.•34 views

JVN#29195731: EC-CUBE 3 series and 4 series vulnerable to arbitrary code execution

EC-CUBE 3 series and 4 series provided by EC-CUBE CO.,LTD. contain an arbitrary code execution vulnerability CWE-94 due to improper settings of the product's template engine "Twig". Impact Arbitrary code may be executed on the server where the product is running by a user with an administrative...

7.2CVSS7.3AI score0.01582EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/02 8:21 a.m.•5 views

FUJIFILM Business Innovation Corp. and Xerox Corporation MFPs export Address Books with insufficient encryption strength

Overview Multiple MFPs multifunction printers provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book with encrypted form, but the encryption strength is insufficient CWE-1391. Kunal Thakrar and Ceri Coburn of Pen Test...

5.9CVSS6.6AI score0.0035EPSS
Exploits0References6
Total number of security vulnerabilities5625