Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/19 6:32 a.m.3 views

Fuji Xerox multifunction devices and printers vulnerable to denial-of-service (DoS)

Overview Multifunction devices and printers provided by Fuji Xerox Co.,Ltd. contain a denial-of-service DoS vulnerability. Masahiro Kawada of Ierae Security Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...

7.8CVSS6.4AI score0.01549EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/19 12:0 a.m.49 views

JVN#37607293: Fuji Xerox multifunction devices and printers vulnerable to denial-of-service (DoS)

Multifunction devices and printers provided by Fuji Xerox Co.,Ltd. contain a denial-of-service DoS vulnerability. Impact An attacker may cause the products to be terminated by sending a specially crafted command. In order to restart the products, the physical power button on the devices must be...

7.8CVSS7.5AI score0.01549EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/17 7:24 a.m.3 views

WordPress plugin "Paid Memberships Pro" vulnerable to SQL injection

Overview WordPress Plugin "Paid Memberships Pro" contains an SQL injection vulnerability CWE-89. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer and coordinated on his own. After coordination was completed, this case was reported to JPCERT/CC, and...

8.8CVSS7.6AI score0.02044EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/17 12:0 a.m.51 views

JVN#08191557: WordPress plugin "Paid Memberships Pro" vulnerable to SQL injection

WordPress Plugin "Paid Memberships Pro" contains an SQL injection vulnerability CWE-89. Impact An attacker who can access Paid Membership Pro may obtain and/or alter the information stored in the database. Solution Update the plugin Update the plugin according to the information provided by the...

8.8CVSS8.8AI score0.02044EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/15 6:56 a.m.4 views

Multiple vulnerabilities in Cybozu Office

Overview Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-1657 Operational restrictions bypass vulnerability in Scheduler CWE-264 - CVE-2021-20624 CyVDB-1727 Operational restrictions bypass vulnerability in Bulletin Board CWE-264 - CVE-2021-20625...

6.5CVSS6.6AI score0.0081EPSS
Exploits0References29
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/15 12:0 a.m.111 views

JVN#45797538: Multiple vulnerabilities in Cybozu Office

Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-1657 Operational restrictions bypass vulnerability in Scheduler CWE-264 - CVE-2021-20624 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N| Base Score: 4.3 CVSS v2|...

6.5CVSS5.9AI score0.0081EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/12 6:59 a.m.4 views

M-System DL8 contains multiple vulnerabilities

Overview DL8 provided by M-System contains the following vulnerabilities: Denial-of-Service CWE-400 - CVE-2021-20675 Improper Access Control CWE-284 - CVE-2021-20676 CVE-2021-20675 Takayuki Sasaki, Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC...

6.8CVSS6.5AI score0.01333EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/12 12:0 a.m.180 views

JVN#47497535: M-System DL8 contains multiple vulnerabilities

DL8 provided by M-System contains the following vulnerabilities: Denial-of-Service CWE-400 - CVE-2021-20675 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H| Base Score: 6.5 CVSS v2| AV:N/AC:L/Au:S/C:N/I:N/A:C| Base Score: 6.8 Improper Access Control CWE-28...

6.8CVSS5AI score0.01333EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/11 5:53 a.m.10 views

Installer of MagicConnect Client program may insecurely load Dynamic Link Libraries

Overview Installer of MagicConnect Client program provided by NTT TechnoCross Corporation contains a vulnerability which may lead to insecurely loading Dynamic Link Libraries CWE-427 when a terminal is connected remotely using Remote desktop. Yuji Tounai of Mitsui Bussan Secure Directions, Inc...

7.8CVSS7AI score0.00915EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/11 12:0 a.m.103 views

JVN#18056666: Installer of MagicConnect Client program may insecurely load Dynamic Link Libraries

Installer of MagicConnect Client program provided by NTT TechnoCross Corporation contains a vulnerability which may lead to insecurely loading Dynamic Link Libraries CWE-427 when a terminal is connected remotely using Remote desktop. Impact Arbitrary code may be executed with the privilege of the...

7.8CVSS7.8AI score0.00915EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/10 7:11 a.m.3 views

Multiple cross-site scripting vulnerabilities in GROWI

Overview GROWI provided by WESEEK, Inc. contains multiple cross-site scripting vulnerabilities listed below. Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters CWE-79 - CVE-2021-20672 Stored cross-site scripting vulnerability in Admin Page CWE-79...

6.1CVSS6.1AI score0.00947EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/10 12:0 a.m.61 views

JVN#86438134: Multiple cross-site scripting vulnerabilities in GROWI

GROWI provided by WESEEK, Inc. contains multiple cross-site scripting vulnerabilities listed below. Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters CWE-79 - CVE-2021-20672 Version| Vector| Score ---|---|--- CVSS v3|...

6.1CVSS5.8AI score0.00947EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/09 5:17 a.m.3 views

Multiple vulnerabilities in GROWI

Overview GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Stored Cross-site Scripting CWE-79 - CVE-2021-20667 Path Traversal CWE-22 - CVE-2021-20668 Path Traversal CWE-22 - CVE-2021-20669 Improper Access Control CWE-284 - CVE-2021-20670 Improper Input Validation CWE-...

7.5CVSS7.4AI score0.01835EPSS
Exploits0References18
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/08 8:26 a.m.4 views

Trend Micro Security (Consumer) vulnerable to code injection

Overview Trend Micro Security Consumer provided by Trend Micro Incorporated contains a code injection vulnerability CWE-94. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN. Impact An attacker who obtained administrative privileges may...

7.2CVSS7.8AI score0.02491EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/05 8:3 a.m.10 views

The installers of E START products may insecurely load Dynamic Link Libraries

Overview The installers of E START products by GMO INSIGHT Inc. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries in the folder specified by the TEMP environment variable or where the installer resides CWE-427, CVE-2015-9267, and CVE-2015-9268...

9.3CVSS7.1AI score0.01525EPSS
Exploits2References11
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/05 12:0 a.m.95 views

JVN#68418039: The installers of E START products may insecurely load Dynamic Link Libraries

The installers of E START products by GMO INSIGHT Inc. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries in the folder specified by the TEMP environment variable or where the installer resides CWE-427, CVE-2015-9267, and CVE-2015-9268. Impact...

9.3CVSS6.4AI score0.01525EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/02/24 6:20 a.m.2 views

Multiple cross-site scripting vulnerabilities in Movable Type

Overview Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability in Role authority setting screen CWE-79 - CVE-2021-20663 Cross-site scripting vulnerability in Asset registration screen CWE-79 - CVE-2021-20664...

6.1CVSS6.3AI score0.0081EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/02/24 12:0 a.m.239 views

JVN#66542874: Multiple cross-site scripting vulnerabilities in Movable Type

Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability in Role authority setting screen CWE-79 - CVE-2021-20663 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base...

6.1CVSS6.4AI score0.0081EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/02/19 7:44 a.m.4 views

Multiple vulnerabilities in SolarView Compact

Overview SolarView Compact provided by Contec Co., Ltd. contains multiple vulnerabilities listed below. Exposure of information through directory listing CWE-548 - CVE-2021-20656 Improper access control CWE-284 - CVE-2021-20657 OS command injection CWE-78 - CVE-2021-20658 Unrestricted upload of...

10CVSS8.3AI score0.73946EPSS
Exploits22References37
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/02/19 12:0 a.m.358 views

JVN#37417423: Multiple vulnerabilities in SolarView Compact

SolarView Compact provided by Contec Co., Ltd. contains multiple vulnerabilities listed below. Exposure of information through directory listing CWE-548 - CVE-2021-20656 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N| Base Score: 3.5 CVSS v2|...

10CVSS8.9AI score0.73946EPSS
Exploits22
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/02/16 8:23 a.m.3 views

Multiple Vulnerabilities in JP1/Automatic Operation

Overview Multiple vulnerabilities have been found in JP1/Automatic Operation. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/02/16 6:7 a.m.3 views

FileZen vulnerable to OS command injection

Overview FileZen provided by Soliton Systems K.K. is an appliance for secure file transfer and sharing by mail or an web interface. FileZen contains an OS command injection vulnerability CWE-78. Soliton Systems K.K. reported this vulnerability to JPCERT/CC to notify users of its solution through...

9.1CVSS7.7AI score0.0397EPSS
Exploits1References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/02/16 12:0 a.m.97 views

JVN#58774946: FileZen vulnerable to OS command injection

FileZen provided by Soliton Systems K.K. is an appliance for secure file transfer and sharing by mail or an web interface. FileZen contains an OS command injection vulnerability CWE-78. Impact A remote attacker who obtained the administrative account of this product may execute an arbitrary OS...

9CVSS7.3AI score0.0397EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/02/15 6:52 a.m.3 views

Calsos CSDJ fails to restrict access permissions

Overview Calsos CSDJ provided by NEC Platforms, Ltd. fails to restrict access permissions CWE-264, which may lead to an unauthorized user being able to view the historical data without access privileges. Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this...

5.3CVSS6.5AI score0.01191EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/02/15 12:0 a.m.116 views

JVN#87164507: Calsos CSDJ fails to restrict access permissions

Calsos CSDJ provided by NEC Platforms, Ltd. fails to restrict access permissions CWE-264, which may lead to an unauthorized user being able to view the historical data without access privileges. Impact A user who can login to the product may obtain unauthorized historical data without access...

5.3CVSS5.1AI score0.01191EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/02/10 5:1 a.m.5 views

Wekan vulnerable to cross-site scripting

Overview Wekan, open source kanban board system, is vulnerable to cross-site scripting CWE-79. This vulnerability is treated as one of multiple cross-site scripting vulnerabilities, named "Fieldbleed". Ryoya Koyama at Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA...

5.4CVSS6AI score0.00751EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/02/10 12:0 a.m.55 views

JVN#80785288: Wekan vulnerable to cross-site scripting

Wekan, open source kanban board system, is vulnerable to cross-site scripting CWE-79. This vulnerability is treated as one of multiple cross-site scripting vulnerabilities, named "Fieldbleed". Impact When a logged-in user store malicious value containing Javascript code to the system, that...

5.4CVSS5.2AI score0.00751EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/02/09 6:8 a.m.1 views

Improper access control vulnerability in JP1/IT Desktop Management 2 - Manager and JP1/NETM/Asset Information Manager

Overview The JP1/IT Desktop Management 2 - Manager and JP1/NETM/Asset Information Manager contains improper access control vulnerability. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the offici...

6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/02/09 6:8 a.m.3 views

Cross-site Scripting Vulnerability in Hitachi Application Server Help

Overview A cross-site scripting vulnerability was found in Hitachi Application Server Help. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

6.1AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/02/05 7:24 a.m.5 views

WordPress Plugin "Name Directory" vulnerable to cross-site request forgery

Overview WordPress Plugin "Name Directory" provided by J. Peters contains a cross-site request forgery vulnerability CWE-352. Yuta Asai of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported this vulnerability to the developer and...

8.8CVSS6.6AI score0.0084EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/02/05 12:0 a.m.68 views

JVN#50470170: WordPress Plugin "Name Directory" vulnerable to cross-site request forgery

WordPress Plugin "Name Directory" provided by J. Peters contains a cross-site request forgery vulnerability CWE-352. Impact If a user with an administrative privilege views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin...

8.8CVSS8.7AI score0.0084EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/02/04 6:42 a.m.3 views

Trend Micro HouseCall for Home Networks (Windows Edition) may insecurely load Dynamic Link Libraries

Overview HouseCall for Home Networks Windows Edition provided by Trend Micro Incorporated contains an issue with the DLL search path. By reading a malicious DLL placed in the folder specified by the PATH environment variable, arbitrary code with an escalated privilege may be executed CWE-427. Tre...

7.8CVSS7.5AI score0.00749EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/02/04 6:39 a.m.4 views

Panasonic Video Insight VMS vulnerable to arbitrary code execution

Overview Video Insight VMS provided by Panasonic Corporation contains an arbitrary code execution vulnerability CWE-94 because unencrypted communication exists in the communication using non-well known ports. Panasonic Corporation reported this vulnerability to JPCERT/CC to notify users of its...

10CVSS7.7AI score0.02815EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/02/04 12:0 a.m.71 views

JVN#42252698: Panasonic Video Insight VMS vulnerable to arbitrary code execution

Video Insight VMS provided by Panasonic Corporation contains an arbitrary code execution vulnerability CWE-94 because unencrypted communication exists in the communication using non-well known ports. Impact By sending a specially crafted request to the vulnerable product, a remoto attacker may...

10CVSS9.6AI score0.02815EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/02/01 7:49 a.m.2 views

Vulnerability in JP1/VERITAS

Overview A vulnerability exists in JP1/VERITAS. Impact Regerding the impact df the vulnerablilty, please refer to the ventor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

6.9AI score
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/01/27 9:31 a.m.3 views

OS command injection vulnerability in multiple Infoscience Corporation log management tools

Overview Infoscience Corporation's multiple log management tools provide an FTP upload function as one of the log collection methods, and is able to set to allow the adminitrators to accept FTP uploads. In a situation where the FTP upload function is enabled and there is a flaw of input value...

9CVSS7.1AI score0.02156EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/01/27 8:38 a.m.2 views

Android App "ELECOM File Manager" vulnerable to directory traversal

Overview Android App "ELECOM File Manager" provided by ELECOM CO.,LTD. contains a directory traversal vulnerability CWE-22 due to a flaw in the processing of the filenames when extracting the compressed files. Ryohei Koike reported this vulnerability to IPA. JPCERT/CC coordinated with the develop...

9.1CVSS7AI score0.01871EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/01/27 12:0 a.m.62 views

JVN#41853173: OS command injection vulnerability in multiple Infoscience Corporation log management tools

Infoscience Corporation's multiple log management tools provide an FTP upload function as one of the log collection methods, and is able to set to allow the adminitrators to accept FTP uploads. In a situation where the FTP upload function is enabled and there is a flaw of input value handling in...

9CVSS8.8AI score0.02156EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/01/26 7:33 a.m.3 views

Multiple vulnerabilities in multiple ELECOM products

Overview Multiple products provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Improper Access Control CWE-284 - CVE-2021-20643 Script injection in web setup page CWE-74 - CVE-2021-20644 Stored cross-site scripting CWE-79 - CVE-2021-20645 Cross-site request forgery CWE-352 ...

10CVSS7.5AI score0.99975EPSS
Exploits6References25
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/01/26 7:26 a.m.4 views

Multiple vulnerabilities in multiple LOGITEC products

Overview Multiple products provided by LOGITEC CORPORATION contain multiple vulnerabilities. Improper restriction of excessive authentication attempts CWE-307 - CVE-2021-20635 Cross-site request forgery CWE-352 - CVE-2021-20636, CVE-2021-20641 Improper check or handling of exceptional conditions...

7.7CVSS8.4AI score0.00993EPSS
Exploits0References23
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/01/26 12:0 a.m.132 views

JVN#96783542: Multiple vulnerabilities in multiple LOGITEC products

Multiple products provided by LOGITEC CORPORATION contain multiple vulnerabilities listed below. Improper restriction of excessive authentication attempts CWE-307 - CVE-2021-20635 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N| Base Score: 4.3 CVSS v2|...

7.7CVSS7.6AI score0.00993EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/01/26 12:0 a.m.77 views

JVN#98115035: Android App "ELECOM File Manager" vulnerable to directory traversal

Android App "ELECOM File Manager" provided by ELECOM CO.,LTD. contains a directory traversal vulnerability CWE-22 due to a flaw in the processing of the filenames when extracting the compressed files. Impact A remote attacker may create an arbitrary file or overwrite an existing file in a directo...

9.1CVSS9.1AI score0.01871EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/01/26 12:0 a.m.164 views

JVN#47580234: Multiple vulnerabilities in multiple ELECOM products

Multiple products provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Improper Access Control CWE-284 - CVE-2021-20643 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N| Base Score: 5.3 CVSS v2| AV:N/AC:L/Au:N/C:N/I:P/A:N| Base Score:...

10CVSS7.8AI score0.99975EPSS
Exploits6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/01/25 7:21 a.m.3 views

TP-Link TL-WR841N V13 (JP) vulnerable to OS command injection

Overview ​TP-Link TL-WR841N is a wifi router for home networks. The firmware version 161028 for hardware version V13 JP is reported vulnerable to OS command injection CWE-78. According to the vendor, the firmware for hardware version V14 JP is not affected. Koh You Liang of 3-shake Inc. reported...

9CVSS7.5AI score0.42285EPSS
Exploits1References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/01/22 8:55 a.m.1 views

Multiple vulnerabilities in Aterm WF800HP, Aterm WG2600HP, and Aterm WG2600HP2

Overview Aterm WF800HP, Aterm WG2600HP, and Aterm WG2600HP2 provided by NEC Corporation contain multiple vulnerabilities. Aterm WF800HP: Cross-site Scripting CWE-79 - CVE-2021-20620 Aterm WG2600HP and Aterm WG2600HP2: Improper Access Control CWE-284 - CVE-2017-12575 Cross-Site Request Forgery...

8.8CVSS6.7AI score0.02334EPSS
Exploits1References13
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/01/22 12:0 a.m.118 views

JVN#38248512: Multiple vulnerabilities in Aterm WF800HP, Aterm WG2600HP, and Aterm WG2600HP2

Aterm WF800HP, Aterm WG2600HP, and Aterm WG2600HP2 provided by NEC Corporation contain multiple vulnerabilities listed below. Aterm WF800HP: Cross-site Scripting CWE-79 - CVE-2021-20620 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS...

8.8CVSS7.4AI score0.02334EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/01/19 5:5 a.m.1 views

GROWI vulnerable to cross-site scripting

Overview GROWI provided by WESEEK, Inc. contains a cross-site scripting vulnerability CWE-79. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...

6.1CVSS6AI score0.01044EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/01/19 12:0 a.m.47 views

JVN#57544707: GROWI vulnerable to cross-site scripting

GROWI provided by WESEEK, Inc. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update the software to the latest version according to the information provided by the developer. Products Affect...

6.1CVSS6AI score0.01044EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/01/14 7:22 a.m.3 views

Multiple vulnerabilities in acmailer

Overview acmailer provided by Seeds Co.,Ltd. contains multiple vulnerabilities listed below. Improper Access Control CWE-284 - CVE-2021-20617 Privilege Chaining CWE-268 - CVE-2021-20618 ma.la reported these vulnerabilities to the developer, and also to IPA in order to notify users of its solution...

10CVSS7.3AI score0.07871EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/01/14 12:0 a.m.76 views

JVN#35906450: Multiple vulnerabilities in acmailer

acmailer provided by Seeds Co.,Ltd. contains multiple vulnerabilities listed below. Improper Access Control CWE-284 - CVE-2021-20617 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 9.8 CVSS v2| AV:N/AC:L/Au:N/C:P/I:P/A:P| Base Score: 7.5...

10CVSS10AI score0.07871EPSS
Exploits0
Total number of security vulnerabilities5625