Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/09/30 5:48 a.m.4 views

BookStack vulnerable to cross-site scripting

Overview BookStack contains a cross-site scripting vulnerability CWE-79. Kenichi Okuno of Mitsui Bussan Secure Directions, Inc reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be...

5.4CVSS6AI score0.00692EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/09/30 12:0 a.m.21 views

JVN#78862034: BookStack vulnerable to cross-site scripting

BookStack contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing the site using the API of the product. Solution Update the Software Update the software to the latest version according to the information...

5.4CVSS5.3AI score0.00692EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/09/16 6:30 a.m.3 views

OpenAM (OpenAM Consortium Edition) vulnerable to open redirect

Overview OpenAM OpenAM Consortium Edition provided by OpenAM Consortium contains an open redirect vulnerability CWE-601. OpenAM Consortium reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and OpenAM Consortium coordinated under the Information Securi...

6.1CVSS6.6AI score0.00438EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/09/15 7:30 a.m.4 views

Multiple vulnerabilities in EC-CUBE

Overview EC-CUBE provided by EC-CUBE CO.,LTD. contains multiple vulnerabilities listed below. Directory traversal vulnerability CWE-22 - CVE-2022-40199 DOM-based cross-site scripting vulnerability CWE-79 - CVE-2022-38975 Noriaki Iwasaki of Cyber Defense Institute, Inc. reported these...

5.4CVSS6.4AI score0.01056EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/09/15 7:13 a.m.8 views

EC-CUBE plugin "Product Image Bulk Upload Plugin" vulnerable to insufficient verification in uploading files

Overview EC-CUBE plugin "Product Image Bulk Upload Plugin", a plugin that enables to upload image files, provided by EC-CUBE CO.,LTD. contains an insufficient verification vulnerability when uploading files CWE-20. Exploiting this vulnerability allows a remote unauthenticated attacker to upload...

9.8CVSS7AI score0.00982EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/09/15 12:0 a.m.22 views

JVN#30900552: EC-CUBE plugin "Product Image Bulk Upload Plugin" vulnerable to insufficient verification in uploading files

EC-CUBE plugin "Product Image Bulk Upload Plugin", a plugin that enables to upload image files, provided by EC-CUBE CO.,LTD. contains an insufficient verification vulnerability when uploading files CWE-20. Exploiting this vulnerability allows a remote unauthenticated attacker to upload arbitrary...

9.8CVSS9.5AI score0.00982EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/09/15 12:0 a.m.40 views

JVN#21213852: Multiple vulnerabilities in EC-CUBE

EC-CUBE provided by EC-CUBE CO.,LTD. contains multiple vulnerabilities listed below. Directory traversal vulnerability CWE-22 - CVE-2022-40199 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N| Base Score: 2.7 CVSS v2| AV:N/AC:L/Au:S/C:P/I:N/A:N| Base Score:...

5.4CVSS4.8AI score0.01056EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/09/14 9:15 a.m.3 views

Multiple vulnerabilities in Trend Micro Apex One and Trend Micro Apex One as a Service

Overview Trend Micro Apex One and Trend Micro Apex One as a Service provided by Trend Micro Incorporated contain multiple vulnerabilities listed below. Improper validation in some components of the rollback mechanism CWE-20 - CVE-2022-40139 Improper access control CWE-284 - CVE-2022-40140...

9.8CVSS8AI score0.03054EPSS
Exploits0References23
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/09/14 2:34 a.m.3 views

DoS Vulnerability in uCosminexus TP1/Client/J and Cosminexus Service Coordinator

Overview DoS Vulnerability have been found in uCosminexus TP1/Client/J and Cosminexus Service Coordinator. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...

6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/09/14 12:0 a.m.73 views

JVN#36454862: Multiple vulnerabilities in Trend Micro Apex One and Trend Micro Apex One as a Service

Trend Micro Apex One and Trend Micro Apex One as a Service provided by Trend Micro Incorporated contain multiple vulnerabilities listed below. Improper validation in some components of the rollback mechanism CWE-20 - CVE-2022-40139 Version| Vector| Score ---|---|--- CVSS v3|...

9.8CVSS7.8AI score0.03054EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/09/09 6:1 a.m.3 views

Movable Type plugin A-Form vulnerable to cross-site scripting

Overview Movable Type plugin A-Form provided by ARK-Web co., ltd. contains a cross-site scripting vulnerability CWE-79. hibiki moriyama of STNet, Incorporated reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact ...

6.1CVSS6AI score0.00749EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/09/09 12:0 a.m.34 views

JVN#48120704: Movable Type plugin A-Form vulnerable to cross-site scripting

Movable Type plugin A-Form provided by ARK-Web co., ltd. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who accessed the site using the product. Solution Update the Software Update A-Form to the latest version...

6.1CVSS6.1AI score0.00749EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/09/05 6:22 a.m.1 views

SYNCK GRAPHICA Mailform Pro CGI vulnerable to information disclosure

Overview Mailform Pro CGI provided by SYNCK GRAPHICA contains an information disclosure vulnerability CWE-200. Thanks module of this product saves user input data for a certain period of time. The time is set to 30 seconds by default in configs/thanks.cgi file. To exploit this vulerability, it is...

5.9CVSS6.1AI score0.01244EPSS
Exploits1References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/09/05 12:0 a.m.34 views

JVN#34205166: SYNCK GRAPHICA Mailform Pro CGI vulnerable to information disclosure

Mailform Pro CGI provided by SYNCK GRAPHICA contains an information disclosure vulnerability CWE-200. Thanks module of this product saves user input data for a certain period of time. The time is set to 30 seconds by default in configs/thanks.cgi file. To exploit this vulnerability, it is require...

5.9CVSS5.5AI score0.01244EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/09/02 9:8 a.m.2 views

Multiple vulnerabilities in Contec FLEXLAN FX3000 and FX2000 series

Overview FLEXLAN FX3000 and FX2000 series provided by Contec Co., Ltd. contain multiple vulnerabilities listed below. Hidden Functionality CWE-912 - CVE-2022-36158 Use of Hard-coded Credentials CWE-798 - CVE-2022-36159 Thomas J. Knudsen and Samy Younsi of Necrum Security Labs reported these...

8.8CVSS7.5AI score0.01473EPSS
Exploits2References10
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/09/02 6:49 a.m.3 views

PowerCMS XMLRPC API vulnerable to command injection

Overview PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability CWE-74. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. According to the...

9.8CVSS7.6AI score0.01676EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/09/02 12:0 a.m.41 views

JVN#76024879: PowerCMS XMLRPC API vulnerable to command injection

PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability CWE-74. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. According to the developer,...

9.8CVSS9.7AI score0.01676EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/08/29 8:37 a.m.3 views

Multiple vulnerabilities in CentreCOM AR260S V2

Overview CentreCOM AR260S V2 provided by Allied Telesis K.K. contains multiple vulnerabilities listed below. OS command injection vulnerability in GUI setting page CWE-78 - CVE-2022-35273 Use of hard-coded credentials for the telnet server CWE-798 - CVE-2022-38394 Undocumented hidden command that...

9.8CVSS8.1AI score0.01525EPSS
Exploits0References14
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/08/29 6:57 a.m.13 views

Installer of Ricoh Device Software Manager may insecurely load Dynamic Link Libraries

Overview Installer of Device Software Manager provided by RICOH COMPANY, LTD. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Tomohisa Hasegawa of Canon IT Solutions Inc. reported this vulnerability to IPA. JPCERT/CC coordinated wit...

7.8CVSS7.1AI score0.0021EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/08/29 12:0 a.m.61 views

JVN#45473612: Multiple vulnerabilities in CentreCOM AR260S V2

CentreCOM AR260S V2 provided by Allied Telesis K.K. contains multiple vulnerabilities listed below. OS command injection vulnerability in GUI setting page CWE-78 - CVE-2022-35273 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2|...

9.8CVSS9.3AI score0.01525EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/08/29 12:0 a.m.24 views

JVN#44721267: Installer of Ricoh Device Software Manager may insecurely load Dynamic Link Libraries

Installer of Device Software Manager provided by RICOH COMPANY, LTD. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the lates...

7.8CVSS7.8AI score0.0021EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/08/24 6:58 a.m.4 views

Movable Type XMLRPC API vulnerable to command injection

Overview Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability CWE-74. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. According...

9.8CVSS7.8AI score0.01854EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/08/24 5:23 a.m.3 views

Multiple vulnerabilities in Exment

Overview Exment provided by Kajitori Co.,Ltd contains multiple vulnerabilities listed below. Reflected cross-site scripting CWE-79 - CVE-2022-38080 SQL injection CWE-89 - CVE-2022-37333 Stored cross-site scripting CWE-79 - CVE-2022-38089 CVE-2022-38080, CVE-2022-37333 Hibiki Moriyama of STNet,...

8.8CVSS7.3AI score0.0119EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/08/24 5:17 a.m.2 views

Multiple vulnerabilities in PukiWiki

Overview PukiWiki provided by PukiWiki Development Team contains multiple vulnerabilities listed below. Path Traversal CWE-22 - CVE-2022-34486 Reflected Cross-site Scripting CWE-79 - CVE-2022-27637 Harold Kim reported these vulnerabilities to the developer and coordinated. After coordination was...

7.7CVSS6.8AI score0.01116EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/08/24 12:0 a.m.36 views

JVN#57728859: Movable Type XMLRPC API vulnerable to command injection

Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability CWE-74. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. According to the...

9.8CVSS9.8AI score0.01854EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/08/24 12:0 a.m.50 views

JVN#46239102: Multiple vulnerabilities in Exment

Exment provided by Kajitori Co.,Ltd contains multiple vulnerabilities listed below. Reflected cross-site scripting CWE-79 - CVE-2022-38080 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2| AV:N/AC:H/Au:S/C:N/I:P/A:N| Base Score: 2.1...

8.8CVSS6.8AI score0.0119EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/08/23 6:2 a.m.2 views

PLANEX MZK-DP150N contains hidden administrative functionality

Overview MZK-DP150N provided by PLANEX COMMUNICATIONS INC. contains a hidden administrative screen CVE-2021-37289, CWE-912. In the initial settings of the product, the login account for the configuration screen is common to all products. Please change the account information from the initial...

7.2CVSS7.4AI score0.01398EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/08/23 5:40 a.m.2 views

PukiWiki vulnerable to cross-site scripting

Overview PukiWiki provided by PukiWiki Developers Team contains a stored cross-site scripting vulnerability CWE-79. Ryuhoh Ide of Department of Applied Physics, School of Engineering, The University of Tokyo reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

6.1CVSS5.9AI score0.00472EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/08/23 5:31 a.m.5 views

UNIMO Technology digital video recorders vulnerable to missing authentication for critical functions

Overview Multiple digital video recorders provided by UNIMO Technology Co., Ltd do not perform authentication for some critical functions CWE-306 in the device management web interface. The reporter states that attacks exploiting this vulnerability have been observed. Yoshiki Mori, Ushimaru Hayat...

9.8CVSS7.2AI score0.01249EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/08/23 12:0 a.m.25 views

JVN#43979089: PukiWiki vulnerable to cross-site scripting

PukiWiki provided by PukiWiki Developers Team contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who accessed the site using the product. Solution Update the Software Update the Software to the latest version...

6.1CVSS5.2AI score0.00472EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/08/19 2:42 a.m.7 views

Multiple vulnerabilities in Trend Micro Security

Overview Trend Micro Incorporated has released security updates for Trend Micro Security. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Trend Micro Security 2022 Information disclosure due to an Out-Of-Bounds Read...

7.8CVSS6.9AI score0.00335EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/08/18 6:45 a.m.2 views

Trend Micro Endpoint security products for enterprises vulnerable to Link Following Local Privilege Escalation

Overview Trend Micro Incorporated has released security updates for Endpoint security products for enterprises. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN. Impact A non-administrative user of the system where the affected product...

7.8CVSS6.7AI score0.00546EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/08/04 6:14 a.m.2 views

Kaitai Struct: compiler vulnerable to denial-of-service (DoS)

Overview Kaitai Struct: compiler provided by Kaitai team contains SnakeYAML library version 1.25, which is used in parsing .ksy files. SnakeYAML version 1.25 expands recursive aliases unlimitedly CWE-674, hence Katai Struct: compiler is vulnerable to a denial-of-service DoS attack by Billion Laug...

7.5CVSS8.5AI score0.26723EPSS
Exploits1References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/08/04 12:0 a.m.54 views

JVN#42883072: Kaitai Struct: compiler vulnerable to denial-of-service (DoS)

Kaitai Struct: compiler provided by Kaitai team contains SnakeYAML library version 1.25, which is used in parsing .ksy files. SnakeYAML version 1.25 expands recursive aliases unlimitedly CWE-674, hence Katai Struct: compiler is vulnerable to a denial-of-service DoS attack by Billion Laughs Attack...

7.5CVSS7.3AI score0.26723EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/08/03 8:40 a.m.2 views

CONTEC SolarView Compact vulnerable to insufficient verification in uploading files

Overview SolarView Compact provided by CONTEC CO., LTD. is PV Measurement System. The image file management page of SolarView Compact contains an insufficient verification vulnerability when uploadi webray reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer.ng files...

8.8CVSS7AI score0.01218EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/08/01 8:10 a.m.2 views

Information Disclosure Vulnerability in Hitachi Automation Director and Hitachi Ops Center Automator

Overview Information Disclosure Vulnerability have been found in Hitachi Automation Director and Hitachi Ops Center Automator. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official...

6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/29 4:43 a.m.2 views

Multiple vulnerabilities in Nintendo Wi-Fi Network Adaptor WAP-001

Overview Nintendo Wi-Fi Network Adaptor provided by Nintendo Co.,Ltd. contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2022-36381 Buffer overflow CWE-121 - CVE-2022-36293 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc reported these vulnerabilities to IP...

7.2CVSS8.4AI score0.0146EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/29 12:0 a.m.42 views

JVN#17625382: Multiple vulnerabilities in Nintendo Wi-Fi Network Adaptor WAP-001

Nintendo Wi-Fi Network Adaptor provided by Nintendo Co.,Ltd. contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2022-36381 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score: 6.8 CVSS v2| AV:A/AC:L/Au:S/C:P/I:P/A:P|...

7.2CVSS7.9AI score0.0146EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/28 4:40 a.m.2 views

"JustSystems JUST Online Update for J-License" starts a program with an unquoted file path

Overview "JustSystems JUST Online Update for J-License" is bundled with multiple products for corporate users provided by JustSystems Corporation, as in Ichitaro through Pro5 and others, and it is registered as a Windows service. "JustSystems JUST Online Update for J-License" starts another progr...

9.8CVSS6.7AI score0.00737EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/28 12:51 a.m.2 views

"Hulu" App for iOS vulnerable to improper server certificate verification

Overview "Hulu" App for iOS provided by HJ Holdings, Inc. is vulnerable to improper server certificate verification CWE-295. Shungo Kumasaka of GMO Cyber Security by IERAE reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

4.8CVSS6.5AI score0.00203EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/28 12:14 a.m.1 views

"Hulu" App for Android uses a hard-coded API key for an external service

Overview "Hulu" App for Android provided by HJ Holdings, Inc. uses a hard-coded API key for an external service CWE-798. Ryo Sato of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact T...

7.5CVSS6.8AI score0.00575EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/28 12:0 a.m.47 views

JVN#57073973: "JustSystems JUST Online Update for J-License" starts a program with an unquoted file path

"JustSystems JUST Online Update for J-License" is bundled with multiple products for corporate users provided by JustSystems Corporation, as in Ichitaro through Pro5 and others, and it is registered as a Windows service. "JustSystems JUST Online Update for J-License" starts another program with a...

9.8CVSS9.3AI score0.00737EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/27 12:0 a.m.39 views

JVN#40907489: "Hulu / フールー" App for Android uses a hard-coded API key for an external service

"Hulu / フールー" App for Android provided by HJ Holdings, Inc. uses a hard-coded API key for an external service CWE-798. Impact The hard-coded API key may be retrieved via reverse-engineering the application binary. Note that the application users are not directly affected by this vulnerability...

7.5CVSS7.5AI score0.00575EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/27 12:0 a.m.38 views

JVN#81563390: "Hulu / フールー" App for iOS vulnerable to improper server certificate verification

"Hulu / フールー" App for iOS provided by HJ Holdings, Inc. is vulnerable to improper server certificate verification CWE-295. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the application Update the application to the latest versi...

4.8CVSS4.7AI score0.00203EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/25 5:30 a.m.4 views

WordPress Plugin "Newsletter" vulnerable to cross-site scripting

Overview WordPress Plugin "Newsletter" provided by Stefano Lissa & The Newsletter Team contains a cross-site scripting vulnerability CWE-79. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

6.1CVSS6AI score0.01785EPSS
Exploits2References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/25 5:18 a.m.2 views

Multiple vulnerabilities in untangle

Overview untangle provided by Christian Stefanescu is a Python library for processing XML documents. untangle contains multiple vulnerabilities listed below. Improper Restriction of Recursive Entity References in DTDs CWE-776 - CVE-2022-33977 Improper Restriction of XML External Entity Reference...

7.5CVSS6.5AI score0.01396EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/25 12:0 a.m.26 views

JVN#77850327: WordPress Plugin "Newsletter" vulnerable to cross-site scripting

WordPress Plugin "Newsletter" provided by Stefano Lissa & The Newsletter Team contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is logging in to the WordPress using the plugin with the administrative privilege...

6.1CVSS6AI score0.01785EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/25 12:0 a.m.30 views

JVN#30454777: Multiple vulnerabilities in untangle

untangle provided by Christian Stefanescu is a Python library for processing XML documents. untangle contains multiple vulnerabilities listed below. Improper Restriction of Recursive Entity References in DTDs CWE-776 - CVE-2022-33977 Version| Vector| Score ---|---|--- CVSS v3|...

7.5CVSS7.6AI score0.01396EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/22 4:40 a.m.1 views

Booked vulnerable to open redirect

Overview Booked provided by Twinkle Toes Software contains an open redirect vulnerability CWE-601. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When...

6.1CVSS6.6AI score0.00548EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/22 12:0 a.m.35 views

JVN#75063798: Booked vulnerable to open redirect

Booked provided by Twinkle Toes Software contains an open redirect vulnerability CWE-601. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the software Update the...

6.1CVSS6.2AI score0.00548EPSS
Exploits0
Total number of security vulnerabilities5625