Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/10/23 4:53 a.m.1 views

Clickjacking Vulnerability in Hitachi Device Manager

Overview A Clickjacking Vulnerability was found in Hitachi Device Manager. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

4.3CVSS6.7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/10/19 5:45 a.m.2 views

Web Isolation vulnerable to cross-site scripting

Overview Web Isolation provided by Symantec Corporation contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update the software to the latest version according to the information provide...

6.1CVSS6AI score0.00999EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/10/19 5:31 a.m.4 views

Multiple vulnerabilities in YukiWiki

Overview YukiWiki is a Wiki engine. YukiWiki contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2018-0699 Processing a particular request consumes large amounts of CPU and memory resources CWE-400 - CVE-2018-0700 Tanaka Akira of National Institute of Advanced...

7.8CVSS6.8AI score0.01134EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/10/19 12:0 a.m.549 views

JVN#36343375: Multiple vulnerabilities in YukiWiki

YukiWiki is a Wiki engine. YukiWiki contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2018-0699 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base Score: 4.3 Processing...

7.8CVSS6.9AI score0.01134EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/10/19 12:0 a.m.567 views

JVN#58005743: Web Isolation vulnerable to cross-site scripting

Web Isolation provided by Symantec Corporation contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update the software to the latest version according to the information provided by the...

6.1CVSS6.1AI score0.00999EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/10/15 6:26 a.m.3 views

Multiple vulnerabilities in FileZen

Overview FileZen provided by Soliton Systems K.K. is an appliance for secure file transfer and sharing by mail or an web interface. FileZen contains multiple vulnerabilities listed below. Directory traversal CWE-22 - CVE-2018-0693 OS command injection CWE-78 - CVE-2018-0694 Soliton Systems K.K...

10CVSS8AI score0.02374EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/10/15 12:0 a.m.549 views

JVN#95355683: Multiple vulnerabilities in FileZen

FileZen provided by Soliton Systems K.K. is an appliance for secure file transfer and sharing by mail or an web interface. FileZen contains multiple vulnerabilities listed below. Directory traversal CWE-22 - CVE-2018-0693 Version| Vector| Score ---|---|--- CVSS v3|...

10CVSS9AI score0.02374EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/10/12 5:44 a.m.2 views

OpenAM (Open Source Edition) vulnerable to session management

Overview OpenAM Open Source Edition contains a vulnerability in session management. Yasushi Iwakata of Open Source Solution Technology Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A user who c...

7.5CVSS6.7AI score0.01057EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/10/12 12:0 a.m.517 views

JVN#49995005: OpenAM (Open Source Edition) vulnerable to session management

OpenAM Open Source Edition contains a vulnerability in session management. Impact A user who can login to the product may change the security questions and reset the login password. Solution Apply the Patch Patch for this vulnerability has been released by OpenAM Consortium. Apply the patch...

7.5CVSS7.6AI score0.01057EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/10/11 6:54 a.m.3 views

Metabase vulnerable to cross-site scripting

Overview Metabase provided by Metabase, Inc. contains a reflected cross-site scripting vulnerability CWE-79. Yuuta Watanabe of STNet, Incorporated reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...

6.1CVSS6AI score0.00842EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/10/11 12:0 a.m.558 views

JVN#14323043: Metabase vulnerable to cross-site scripting

Metabase provided by Metabase, Inc. contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged-in user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer...

6.1CVSS6.1AI score0.00842EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/10/09 7:27 a.m.2 views

User-friendly SVN vulnerable to cross-site scripting

Overview User-friendly SVN provided by USVN Team contains a reflected cross-site scripting vulnerability CWE-79. Jun Okutsu of NTT TechnoCross Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

6.1CVSS6AI score0.00788EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/10/09 7:22 a.m.4 views

Music Center for PC improperly verifies software update files

Overview Music Center for PC provided by Sony Video & Sound Products Inc. contains an issue in software update process CWE-669. As a result, under a man-in-the-middle attack, a specially crafted executable file may be downloaded and executed. DigiGnome reported this vulnerability to IPA. JPCERT/C...

7.5CVSS6.6AI score0.01533EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/10/09 12:0 a.m.529 views

JVN#36623716: Music Center for PC improperly verifies software update files

Music Center for PC provided by Sony Video & Sound Products Inc. contains an issue in software update process CWE-669. As a result, under a man-in-the-middle attack, a specially crafted executable file may be downloaded and executed. Impact Under a man-in-the-middle attack, a specially crafted fi...

7.5CVSS7.4AI score0.01533EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/10/09 12:0 a.m.540 views

JVN#73794686: User-friendly SVN vulnerable to cross-site scripting

User-friendly SVN provided by USVN Team contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged-in user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer...

6.1CVSS6.1AI score0.00788EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/10/04 7:11 a.m.4 views

Multiple vulnerabilities in Denbun

Overview Denbun provided by NEOJAPAN Inc. is a WebMail System. Denbun contains multiple vulnerabilities listed below. Hard-coded credentials for user account CWE-798 - CVE-2018-0680 Hard-coded credentials for the configuration management page CWE-798 - CVE-2018-0681 Improper session management...

9.8CVSS8.7AI score0.03584EPSS
Exploits0References25
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/10/04 12:0 a.m.539 views

JVN#00344155: Multiple vulnerabilities in Denbun

Denbun provided by NEOJAPAN Inc. is a WebMail System. Denbun contains multiple vulnerabilities listed below. Hard-coded credentials for user account CWE-798 - CVE-2018-0680 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 9.8 CVSS v2|...

9.8CVSS9.2AI score0.03584EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/10/03 6:2 a.m.3 views

The installer of Baidu Browser may insecurely load Dynamic Link Libraries

Overview Baidu Browser provided by Baidu, Inc. is a Web browser. The installer of Baidu Browser contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Asuka Nakajima of NTT Secure Platform Laboratories reported this vulnerability to IPA...

9.3CVSS7AI score0.00944EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/10/03 12:0 a.m.522 views

JVN#77885134: The installer of Baidu Browser may insecurely load Dynamic Link Libraries

Baidu Browser provided by Baidu, Inc. is a Web browser. The installer of Baidu Browser contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer...

9.3CVSS7.7AI score0.00944EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/09/27 7:52 a.m.5 views

+Message App fails to verify SSL server certificates

Overview +Message App fails to verify SSL server certificates. ma.la of LINE Corporation reported this vulnerability to the developer, and also to IPA in order to notify users of its solution through JVN. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnershi...

5.9CVSS6.5AI score0.00667EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/09/27 12:0 a.m.543 views

JVN#37288228: +Message App fails to verify SSL server certificates

+Message App fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provided by the developer. Products Affected SoftBank...

5.9CVSS5.3AI score0.00667EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/09/13 4:57 a.m.3 views

Multiple FXC network devices vulnerable to cross-site scripting

Overview Multiple network devices provided by FXC Inc. contain a stored cross-site scripting vulnerability CWE-79. SUNAGAWA, Masanori of Japan Advanced Institute of Science and Technology Graduate School of Advanced Science and Technology Security and Networks reported this vulnerability to IPA...

4.8CVSS5.9AI score0.00523EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/09/13 12:0 a.m.524 views

JVN#68528150: Multiple FXC network devices vulnerable to cross-site scripting

Multiple network devices provided by FXC Inc. contain a stored cross-site scripting vulnerability CWE-79. Impact If an attacker with administrative rights logs in the Management GUI and embeds a specially crafted script, then that script may be executed on another administrator's web browser...

4.8CVSS5AI score0.00523EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/09/10 5:1 a.m.3 views

Cybozu Garoon vulnerable to directory traversal

Overview Cybozu Garoon provided by Cybozu, Inc. contains a directory traversal vulnerability CWE-22 due to a flaw in processing of the session information. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated und...

8.1CVSS6.6AI score0.01381EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/09/10 12:0 a.m.527 views

JVN#12583112: Cybozu Garoon vulnerable to directory traversal

Cybozu Garoon provided by Cybozu, Inc. contains a directory traversal vulnerability CWE-22 due to a flaw in processing of the session information. Impact A user who can login to the product may obtain or alter arbitrary files on the server. Solution Apply the Patch Apply the patch according to th...

8.1CVSS8AI score0.01381EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/09/07 7:49 a.m.1 views

Multiple vulnerabilities in INplc

Overview INplc provided by MICRONET CORPORATION contains multiple vulnerabilities listed below. DLL preloading vulnerability CWE-427 - CVE-CVE-2018-0667 Buffer overflow CWE-119 - CVE-2018-0668 Authentication bypass CWE-287 - CVE-2018-0669 Authentication bypass CWE-287 - CVE-2018-0670 Privilege...

9.8CVSS8.2AI score0.0164EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/09/07 12:0 a.m.536 views

JVN#59624986: Multiple vulnerabilities in INplc

INplc provided by MICRONET CORPORATION contains multiple vulnerabilities listed below. DLL preloading vulnerability CWE-427 - CVE-CVE-2018-0667 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H| Base Score: 7.8 CVSS v2| AV:N/AC:M/AU:N/C:P/I:P/A:P| Base Score...

9.8CVSS9.1AI score0.0164EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/08/31 6:59 a.m.4 views

AttacheCase vulnerable to arbitrary script execution

Overview AttacheCase is an open source file encryption software provided by HiBARA Software. If a setting file AtcCase.ini is specially crafted and it resides in the same folder where ATC file resides, it is leveraged to execute an arbitrary script when ATC file is decrypted. Taizoh Tsukamoto of...

7.8CVSS7.1AI score0.01434EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/08/31 6:48 a.m.3 views

QNAP Photo Station vulnerable to cross-site scripting

Overview Photo Station provided by QNAP Systems, Inc. contains a reflected cross-site scripting vulnerability CWE-79. Mitsuaki Mitch Shiraishi of Secureworks Japan reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

6.1CVSS6AI score0.03122EPSS
Exploits5References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/08/31 12:0 a.m.545 views

JVN#02037158: AttacheCase vulnerable to arbitrary script execution

AttacheCase is an open source file encryption software provided by HiBARA Software. If a setting file AtcCase.ini is specially crafted and it resides in the same folder where ATC file resides, it is leveraged to execute an arbitrary script when ATC file is decrypted. Impact A remote unauthenticat...

7.8CVSS7.7AI score0.01434EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/08/31 12:0 a.m.538 views

JVN#63556416: QNAP Photo Station vulnerable to cross-site scripting

Photo Station provided by QNAP Systems, Inc. contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer...

6.1CVSS6AI score0.03122EPSS
Exploits5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/08/30 8:34 a.m.4 views

Movable Type vulnerable to cross-site scripting

Overview Movable Type provided by Six Apart, Ltd. is a content management system. Movable Type contains a cross-site scripting vulnerability CWE-79. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

6.1CVSS6.1AI score0.00818EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/08/30 12:0 a.m.527 views

JVN#89550319: Movable Type vulnerable to cross-site scripting

Movable Type provided by Six Apart, Ltd. is a content management system. Movable Type contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information...

6.1CVSS6.1AI score0.00818EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/08/29 9:1 a.m.4 views

Multiple script injection vulnerabilities in multiple Yamaha network devices

Overview The management screen of multiple network devices provided by Yamaha Corporation contains multiple script injection vulnerabilities CWE-74. The following researchers reported the vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.8CVSS7.2AI score0.00652EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/08/29 12:0 a.m.539 views

JVN#69967692: Multiple script injection vulnerabilities in multiple Yamaha network devices

The management screen of multiple network devices provided by Yamaha Corporation contains multiple script injection vulnerabilities CWE-74. Impact In the case where multiple administrators manage an affected device, an administrator with malicious intent may embed an arbitrary script into the...

6.8CVSS6.9AI score0.00652EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/08/22 8:11 a.m.2 views

Path Traversal Vulnerability in Hitachi Automation Director

Overview A Path Traversal Vulnerability was found in Hitachi Automation Director. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

7.1CVSS6.7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/08/22 8:11 a.m.3 views

Path Traversal Vulnerability in JP1/Automatic Operation

Overview A Path Traversal Vulnerability was found in JP1/Automatic Operation. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

7.1CVSS6.7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/08/21 6:59 a.m.21 views

The installer of Digital Paper App may insecurely load Dynamic Link Libraries

Overview Digital Paper App provided by Sony Corporation is document management software exclusively for Sony Digital Paper. The installer of Digital Paper App contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Yuji Tounai of NTT...

7.8CVSS7AI score0.01282EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/08/21 12:0 a.m.515 views

JVN#75700242: The installer of Digital Paper App may insecurely load Dynamic Link Libraries

Digital Paper App provided by Sony Corporation is document management software exclusively for Sony Digital Paper. The installer of Digital Paper App contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be...

7.8CVSS7.7AI score0.01282EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/08/17 4:49 a.m.3 views

NoMachine App for Android vulnerable to environment variables alteration

Overview NoMachine App for Android contains an information alteration vulnerability. Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A remote attacker may alte...

9.8CVSS7.2AI score0.01652EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/08/17 12:0 a.m.537 views

JVN#14451678: NoMachine App for Android vulnerable to environment variables alteration

NoMachine App for Android contains an information alteration vulnerability. Impact A remote attacker may alter environemt variables of the NoMachine App. As a result, arbitrary code may be executed. Solution Update the Software Update to the latest version of software according to the information...

9.8CVSS9.4AI score0.01652EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/08/14 1:4 a.m.4 views

Information Disclosure Vulnerability in Hitachi Command Suite

Overview An Information Disclosure Vulnerability was found in Hitachi Command Suite. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

7.5CVSS6.5AI score0.01352EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/08/09 7:43 a.m.4 views

Multiple vulnerabilities in EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE

Overview EC-CUBE Payment Module and GMO-PG Payment Module PG Multi-Payment Service, which are additional modules for EC-CUBE, provided by GMO Payment Gateway, Inc. contain multiple vulnerabilities listed below. Cross-site scripting vulnerability in the management screen CWE-79 - CVE-2018-0657 Inp...

7.2CVSS6.7AI score0.01029EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/08/09 12:0 a.m.533 views

JVN#06372244: Multiple vulnerabilities in EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE

EC-CUBE Payment Module and GMO-PG Payment Module PG Multi-Payment Service, which are additional modules for EC-CUBE, provided by GMO Payment Gateway, Inc. contain multiple vulnerabilities listed below. Cross-site scripting vulnerability in the management screen CWE-79 - CVE-2018-0657 Version|...

7.2CVSS6.3AI score0.01029EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/08/07 5:33 a.m.4 views

Multiple vulnerabilities in multiple I-O DATA network camera products

Overview Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. Permissions, Privileges, and Access Controls CWE-264 - CVE-2018-0661 Insufficient Verification of Data Authenticity CWE-345 - CVE-2018-0662 Use of Hard-coded Credentials...

9CVSS8AI score0.01624EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/08/07 12:0 a.m.540 views

JVN#83701666: Multiple vulnerabilities in multiple I-O DATA network camera products

Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. Permissions, Privileges, and Access Controls CWE-264 - CVE-2018-0661 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L| Base Score: 6.3 CVSS v2|...

9CVSS8.5AI score0.01624EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/08/06 5:10 a.m.5 views

Multiple directory traversal vulnerabilities in AttacheCase

Overview AttacheCase is an open source file encryption software provided by HiBARA Software. AttacheCase contains a directory traversal vulnerability CWE-22 due to a flaw in processing filenames in ATC files. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported CVE-2018-0660...

5.8CVSS6.7AI score0.01419EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/08/06 12:0 a.m.539 views

JVN#62121133: Multiple directory traversal vulnerabilities in AttacheCase

AttacheCase is an open source file encryption software provided by HiBARA Software. AttacheCase contains a directory traversal vulnerability CWE-22 due to a flaw in processing filenames in ATC files. Impact Decrypting a crafted ATC file may result in creation of an arbitrary file or overwriting o...

5.8CVSS4.5AI score0.01419EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/08/03 6:4 a.m.3 views

Multiple cross-site scripting vulnerabilities in GROWI

Overview GROWI provided by WESEEK, Inc. contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in the UserGroup Management section of admin page CWE-79 - CVE-2018-0652 Stored cross-site scripting vulnerability in Wiki page view CWE-79 -...

6.4CVSS5.9AI score0.00899EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/08/03 12:0 a.m.549 views

JVN#18716340: Multiple cross-site scripting vulnerabilities in GROWI

GROWI provided by WESEEK, Inc. contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in the UserGroup Management section of admin page CWE-79 - CVE-2018-0652 Version| Vector| Score ---|---|--- CVSS v3|...

6.1CVSS5.7AI score0.00899EPSS
Exploits0
Total number of security vulnerabilities5625