Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/09/28 12:0 a.m.21 views

JVN#29428319: WordPress Plugin "OG Tags" vulnerable to cross-site request forgery

WordPress Plugin "OG Tags" provided by Mário Valney contains a cross-site request forgery vulnerability CWE-352. Impact If a user with an administrative privilege views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin according...

8.8CVSS8.7AI score0.00716EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/09/17 6:13 a.m.5 views

Multiple vulnerabilities in Sharp NEC Display Solutions' public displays

Overview Multiple public displays provided by Sharp NEC Display Solutions, Ltd. contain multiple vulnerabilities listed below. Command Injection CWE-77 - CVE-2021-20698 Buffer Overflow CWE-120 - CVE-2021-20699 Howard McGreehan of Aon's Cyber Solutions reported these vulnerabilities to Sharp NEC...

10CVSS7.5AI score0.0166EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/09/17 12:0 a.m.59 views

JVN#42866574: Multiple vulnerabilities in Sharp NEC Display Solutions' public displays

Multiple public displays provided by Sharp NEC Display Solutions, Ltd. contain multiple vulnerabilities listed below. Command Injection CWE-77 - CVE-2021-20698 Version| Vector| Score ---|---|--- CVSS v2| AV:N/AC:L/Au:N/C:C/I:C/A:C| Base Score:10.0 CVSS v3|...

10CVSS10AI score0.0166EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/09/16 5:33 a.m.3 views

EC-CUBE plugin "Order Status Batch Change Plug-in" vulnerable to cross-site scripting

Overview EC-CUBE plugin "Order Status Batch Change Plug-in" provided by ActiveFusions Co., Ltd. contains a cross-site scripting vulnerability CWE-79. An arbitrary script may be executed by conducting a specific operation on the management page of EC-CUBE. ActiveFusions Co., Ltd. reported this...

6.1CVSS6.2AI score0.00748EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/09/16 12:0 a.m.44 views

JVN#23406150: EC-CUBE plugin "Order Status Batch Change Plug-in" vulnerable to cross-site scripting

EC-CUBE plugin "Order Status Batch Change Plug-in" provided by ActiveFusions Co., Ltd. contains a cross-site scripting vulnerability CWE-79. An arbitrary script may be executed by conducting a specific operation on the management page of EC-CUBE. Impact If a remote attacker injects a specially...

6.1CVSS6.1AI score0.00748EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/09/13 5:24 a.m.2 views

EC-CUBE plugin "List (order management) item change plug-in" vulnerable to cross-site scripting

Overview EC-CUBE plugin "List order management item change plug-in" provided by shiro8 Co., Ltd. contains a cross-site scripting vulnerability CWE-79. shiro8 Co., Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and shiro8 Co., Ltd. coordinated under...

6.1CVSS6AI score0.00733EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/09/13 12:0 a.m.54 views

JVN#46313661: EC-CUBE plugin "List (order management) item change plug-in" vulnerable to cross-site scripting

EC-CUBE plugin "List order management item change plug-in" provided by shiro8 Co., Ltd. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing the administrative page of the product. Solution Update the plug...

6.1CVSS6AI score0.00733EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/09/10 6:44 a.m.2 views

Multiple vulnerabilities in RevoWorks Browser

Overview RevoWorks Browser provided by J's Communication Co., Ltd. is a virtual browser which enables internet isolation. It provides the function that enables access to drives, folders, files, and registries under the isolated environment from the local environment when running the web browser...

9.6CVSS7.2AI score0.01222EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/09/10 12:0 a.m.33 views

JVN#81658818: Multiple vulnerabilities in RevoWorks Browser

RevoWorks Browser provided by J’s Communication Co., Ltd. is a virtual browser which enables internet isolation. It provides the function that enables access to drives, folders, files, and registries under the isolated environment from the local environment when running the web browser. RevoWorks...

9.6CVSS9.9AI score0.01222EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/09/03 7:10 a.m.4 views

Trend Micro Security family vulnerable to improper handling of Directory Junction

Overview Trend Micro Incorporated has released security updates for Trend Micro Security family. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN. Impact An attacker may obtain unauthorized privileges and cause a denial-of-service DoS...

6.6AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/08/27 4:29 a.m.6 views

baserCMS vulnerable to cross-site scripting

Overview baserCMS provided by baserCMS Users Community contains a cross-site scripting vulnerability CWE-79. Akagi Yusuke of NTT-ME CORPORATION reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...

8.7CVSS6AI score0.00929EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/08/27 12:0 a.m.35 views

JVN#14134801: baserCMS vulnerable to cross-site scripting

baserCMS provided by baserCMS Users Community contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update the software to the latest version according to the information provided by the developer...

8.7CVSS5.6AI score0.00929EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/08/25 5:54 a.m.5 views

Multiple cross-site scripting vulnerabilities in Movable Type

Overview Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability in Search screen CWE-79 - CVE-2021-20808 Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type CWE-79 -...

6.1CVSS6.3AI score0.00904EPSS
Exploits0References19
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/08/25 12:0 a.m.71 views

JVN#97545738: Multiple cross-site scripting vulnerabilities in Movable Type

Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability in Search screen CWE-79 - CVE-2021-20808 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS...

6.1CVSS6.5AI score0.00904EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/08/24 5:30 a.m.4 views

The installers of multiple Sony products may insecurely load Dynamic Link Libraries

Overview The installers of multiple Sony products contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Shogo Kumamaru of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

7.8CVSS7.2AI score0.00315EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/08/24 12:0 a.m.46 views

JVN#80288258: The installers of multiple Sony products may insecurely load Dynamic Link Libraries

The installers of multiple Sony products contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest installer by following the...

7.8CVSS7.8AI score0.00315EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/08/20 5:25 a.m.3 views

Multiple vulnerabilities in Navigate CMS

Overview Navigate CMS is an open source Contents Management System CMS provided by Naviwebs S.C. Navigate CMS contains multiple vulnerabilities listed below. Reflected cross-site scripting in the Help feature CWE-79 Reflected cross-site scripting CWE-79 - CVE-2021-36454 SQL injection CWE-89 -...

8.8CVSS7.2AI score0.01104EPSS
Exploits2References11
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/08/19 6:1 a.m.2 views

Incorrect permission assignment vulnerability in multiple Trend Micro Endpoint security products for enterprises

Overview Trend Micro Incorporated has released a security update for multiple Endpoint security products for enterprises. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN. Impact A local authenticated attacker may escalate privileges a...

6.7AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/08/17 5:24 a.m.2 views

Huawei EchoLife HG8045Q vulnerable to OS command injection

Overview EchoLife HT8045Q provided by Huawei is an ONT Optical Network Terminal device. It is equipped with the command line interface for network operators' maintenance purpose, which is disabled by default. When the command line interface is enabled, operators can interact with a certain...

7.7CVSS6.9AI score0.00347EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/08/17 5:9 a.m.2 views

Multiple vulnerabilities in D-Link router DSL-2750U

Overview D-Link router DSL-2750U is vulnerable to unauthorized configuration modification CWE-15, CVE-2021-3707 and OS command injection CWE-78, CVE-2021-3708. Mohammed Hadi reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An unauthenticated attacker on t...

8.8CVSS7.5AI score0.24563EPSS
Exploits2References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/08/17 12:0 a.m.138 views

JVN#41646618: Huawei EchoLife HG8045Q vulnerable to OS command injection

EchoLife HT8045Q provided by Huawei is an ONT Optical Network Terminal device. It is equipped with the command line interface for network operators' maintenance purpose, which is disabled by default. When the command line interface is enabled, operators can interact with a certain restricted set ...

6.9CVSS6.8AI score0.00347EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/08/12 5:5 a.m.4 views

Plone vulnerable to open redirect

Overview Plone provided by Plone Foundation contains an open redirect vulnerability CWE-601. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When accessin...

6.5CVSS6.6AI score0.01028EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/08/12 12:0 a.m.69 views

JVN#50804280: Plone vulnerable to open redirect

Plone provided by Plone Foundation contains an open redirect vulnerability CWE-601. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Apply the Patch Apply the patch according...

6.5CVSS6.1AI score0.01028EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/08/10 5:40 a.m.2 views

WordPress Plugin "Quiz And Survey Master" vulnerable to cross-site scripting

Overview WordPress Plugin "Quiz And Survey Master" provided by ExpressTech contains a cross-site scripting vulnerability CWE-79 due to the flow in handling some URL query parameters. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer and coordinated on...

6.1CVSS6AI score0.03515EPSS
Exploits1References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/08/10 12:0 a.m.56 views

JVN#65388002: WordPress Plugin "Quiz And Survey Master" vulnerable to cross-site scripting

WordPress Plugin "Quiz And Survey Master" provided by ExpressTech contains a cross-site scripting vulnerability CWE-79 due to the flow in handling some URL query parameters. Impact An arbitrary script may be executed on the user's web browser. Solution Update the plugin Update the plugin accordin...

6.1CVSS2.5AI score0.03515EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/08/04 2:15 a.m.5 views

Multiple vulnerabilities in multiple Trend Micro Endpoint security products for enterprises

Overview Multiple Endpoint security products for enterprises provided by Trend Micro Incorporated contain multiple vulnerabilities listed below. Incorrect Permission Assignment CWE-732 - CVE-2021-32464 Improper Preservation of Permissions CWE-281 - CVE-2021-32465 Improper Input Validation CWE-20 ...

8.8CVSS9.5AI score0.04951EPSS
Exploits0References18
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/08/02 7:42 a.m.4 views

Multiple vulnerabilities in Cybozu Garoon

Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-1782 Cross-site scripting vulnerability in Scheduler CWE-79 - CVE-2021-20753 CyVDB-2029 Improper input validation vulnerability in Workflow CWE-20 - CVE-2021-20754 CyVDB-2071 Viewing restrictions...

8CVSS6.5AI score0.00993EPSS
Exploits0References52
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/08/02 12:0 a.m.57 views

JVN#54794245: Multiple vulnerabilities in Cybozu Garoon

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-1782 Cross-site scripting vulnerability in Scheduler CWE-79 - CVE-2021-20753 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...

8CVSS6.3AI score0.00993EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/21 6:12 a.m.3 views

Minecraft Java Edition vulnerable to directory traversal

Overview Minecraft Java Edition provided by Mojang Studios contains a directory traversal vulnerability CWE-22. RyotaK reported this vulnerability to the developer and coordinated on his own. After coordination was completed, this case was reported to IPA, and JPCERT/CC coordinated with the...

7.5CVSS6.5AI score0.0143EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/21 12:0 a.m.67 views

JVN#53278122: Minecraft Java Edition vulnerable to directory traversal

Minecraft Java Edition provided by Mojang Studios contains a directory traversal vulnerability CWE-22. Impact Arbitrary JSON files on the system using the product may be deleted by an attacker. Solution Update Minecraft Update Minecraft to the latest version according to the information provided ...

7.5CVSS7.5AI score0.0143EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/19 7:53 a.m.3 views

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) vulnerable to cross-site scripting

Overview Trend Micro Incorporated has released a security update for InterScan Web Security Virtual Appliance IWSVA. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN. Impact A user may be redirected to an arbitrary website due to the...

5.4CVSS6.1AI score0.01398EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/19 6:41 a.m.5 views

Multiple vulnerabilities in GroupSession

Overview GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below. Cross-site scripting vulnerability CWE-79 - CVE-2021-20785 Cross-site request forgery CWE-352 - CVE-2021-20786 Cross-site scripting vulnerability CWE-79 - CVE-2021-20787 Sever-side reques...

6.1CVSS6.6AI score0.00916EPSS
Exploits0References15
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/19 12:0 a.m.84 views

JVN#86026700: Multiple vulnerabilities in GroupSession

GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below. Cross-site scripting vulnerability CWE-79 - CVE-2021-20785 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

6.1CVSS5.6AI score0.00916EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/14 8:13 a.m.3 views

Optical BB unit E-WMTA2.3 vulnerable to cross-site request forgery

Overview Optical BB unit E-WMTA2.3 provided by SoftBank contains a cross-site request forgery vulnerability CWE-352. Hiroki Nishino reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a user views a malicious...

8.8CVSS6.7AI score0.00551EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/14 12:0 a.m.74 views

JVN#34364599: Optical BB unit E-WMTA2.3 vulnerable to cross-site request forgery

Optical BB unit E-WMTA2.3 provided by SoftBank contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the firmware According to the developer, the fixed firmware for this...

8.8CVSS8.7AI score0.00551EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/13 5:34 a.m.3 views

Multiple vulnerabilities in Retty App

Overview Retty App provided by Retty Inc. contains multiple vulnerabilities listed below. The app is launched by Custom URL Scheme and a user may be led to access an arbitrary URL CWE-939 - CVE-2021-20747 The App uses a hard-coded API key for external services CWE-798 - CVE-2021-20748 Ryo Sato of...

7.5CVSS6.9AI score0.01037EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/13 12:0 a.m.84 views

JVN#26891339: Multiple vulnerabilities in Retty App

Retty App provided by Retty Inc. contains multiple vulnerabilities listed below. The app is launched by Custom URL Scheme and a user may be led to access an arbitrary URL CWE-939 - CVE-2021-20747 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N| Base Score:...

7.5CVSS5.7AI score0.01037EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/09 5:40 a.m.2 views

voidtools "Everything" vulnerable to HTTP header injection

Overview The HTTP server of Everything provided by voidtools contains an HTTP header injection vulnerability CWE-644. Kusano Kazuhiko reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact On the web browser of a...

6.1CVSS7AI score0.01118EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/09 12:0 a.m.107 views

JVN#68971465: voidtools "Everything" vulnerable to HTTP header injection

The HTTP server of Everything provided by voidtools contains an HTTP header injection vulnerability CWE-644. Impact On the web browser of a user who accessed a website which uses the product, an arbitrary script may be executed or the displayed page may be altered. Solution Update the application...

6.1CVSS6.3AI score0.01118EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/08 5:29 a.m.3 views

WordPress Plugin "WordPress Meta Data Filter & Taxonomies Filter" vulnerable to cross-site request forgery

Overview WordPress Plugin "WordPress Meta Data Filter & Taxonomies Filter" provided by realmag777 contains a cross-site request forgery vulnerability CWE-352. Ryoma Nishioka of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported this...

8.8CVSS6.6AI score0.00849EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/08 4:45 a.m.17 views

WordPress Plugin "Software License Manager" vulnerable to cross-site request forgery

Overview WordPress Plugin "Software License Manager" provided by Tips and Tricks HQ contains a cross-site request forgery vulnerability CWE-352. Koken Tokuda of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University. reported this vulnerability to...

8.8CVSS6.6AI score0.00871EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/08 12:0 a.m.25 views

JVN#48413554: WordPress Plugin "WordPress Meta Data Filter & Taxonomies Filter" vulnerable to cross-site request forgery

WordPress Plugin "WordPress Meta Data Filter & Taxonomies Filter" provided by realmag777 contains a cross-site request forgery vulnerability CWE-352. Impact If a user with an administrative privilege views a malicious page while logged in, unintended operations may be performed. Solution Update t...

8.8CVSS8.7AI score0.00849EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/08 12:0 a.m.40 views

JVN#89054582: WordPress Plugin "Software License Manager" vulnerable to cross-site request forgery

WordPress Plugin "Software License Manager" provided by Tips and Tricks HQ contains a cross-site request forgery vulnerability CWE-352. Impact If a user with an administrative privilege views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Upda...

8.8CVSS8.7AI score0.00871EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/07 5:3 a.m.4 views

Multiple vulnerabilities in Elecom routers

Overview Multiple routers provided by ELECOM CO.,LTD. contain information disclosure and OS command injection vulnerabilities. Multiple routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. WRC-1167FS-W, WRC-1167FS-B, WRC-1167FSA Information disclosure CWE-200 -...

8.8CVSS7.8AI score0.00512EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/07 4:16 a.m.2 views

GU App for Android fails to restrict access permissions

Overview GU App for Android provided by G.U. CO., LTD. contains an access restriction bypass issue CWE-939. The App launched by a Custom URL Scheme may lead an user to access an arbitrary URL. Nao Komatsu of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the develope...

4.3CVSS6.7AI score0.00869EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/07 12:0 a.m.62 views

JVN#25850723: GU App for Android fails to restrict access permissions

GU App for Android provided by G.U. CO., LTD. contains an access restriction bypass issue CWE-939. The App launched by a Custom URL Scheme may lead an user to access an arbitrary URL. Impact A remote attacker may lead a user to access an arbitrary website via the vulnerable App. As a result, if t...

4.3CVSS4.5AI score0.00869EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/06 7:8 a.m.5 views

Multiple vulnerabilities in Trend Micro Password Manager

Overview Trend Micro Incorporated has released a security update for Trend Micro Password Manager. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Privilege escalation and buffer overflow due to improper processing of integ...

9CVSS8.5AI score0.05232EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/06 5:50 a.m.2 views

WordPress Plugin "WordPress Email Template Designer - WP HTML Mail" vulnerable to cross-site request forgery

Overview WordPress Plugin "WordPress Email Template Designer - WP HTML Mail" provided by codemiq contains a cross-site request forgery vulnerability CWE-352. Konan Nagashima of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University reported this...

8.8CVSS6.4AI score0.0087EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/06 5:11 a.m.4 views

WordPress Plugin "WPCS - WordPress Currency Switcher" vulnerable to cross-site request forgery

Overview WordPress Plugin "WPCS - WordPress Currency Switcher" provided by realmag777 contains a cross-site request forgery vulnerability CWE-352. Mizuki Takagi of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University reported and coordinated with...

8.8CVSS6.5AI score0.00866EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/06 12:0 a.m.81 views

JVN#91372527: WordPress Plugin "WPCS - WordPress Currency Switcher" vulnerable to cross-site request forgery

WordPress Plugin "WPCS – WordPress Currency Switcher" provided by realmag777 contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in to the affected system with an administrative privilege, unintended operations may be performed. Soluti...

8.8CVSS8.6AI score0.00866EPSS
Exploits0
Total number of security vulnerabilities5625