Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/29 4:47 a.m.•2 views

The installer of "FLET'S VIRUS CLEAR Easy Setup & Application Tool" and "FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool" may insecurely invoke an executable file

Overview The installer of "FLET'S VIRUS CLEAR Easy Setup & Application Tool" and "FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION contains an issue with the DLL search path, which may lead to insecurely invoke an executable file...

9.3CVSS6.9AI score0.01052EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/29 12:0 a.m.•58 views

JVN#20040004: The installer of "FLET'S VIRUS CLEAR Easy Setup & Application Tool" and "FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool" may insecurely invoke an executable file

The installer of "FLET'S VIRUS CLEAR Easy Setup & Application Tool" and "FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION contains an issue with the DLL search path, which may lead to insecurely invoke an executable file CWE-427...

9.3CVSS7.7AI score0.01052EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/28 5:11 a.m.•4 views

WordPress plugin "Site Reviews" vulnerable to cross-site scripting

Overview The WordPress plugin "Site Reviews" provided by Gemini Labs contains a stored cross-site scripting vulnerability CWE-79. Keita Uchida of TDU Cryptography Lab reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

6.1CVSS5.8AI score0.01309EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/28 5:11 a.m.•3 views

WordPress plugin "Email Subscribers & Newsletters" vulnerable to cross-site scripting

Overview The WordPress plugin "Email Subscribers & Newsletters" provided by Icegram contains a reflected cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

6.1CVSS5.9AI score0.01224EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/28 3:13 a.m.•5 views

Information Disclosure Vulnerability in Hitachi Automation Director

Overview An Information Disclosure Vulnerability was found in Hitachi Automation Director. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

3.5CVSS6.4AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/28 12:0 a.m.•42 views

JVN#60978548: WordPress plugin "Site Reviews" vulnerable to cross-site scripting

The WordPress plugin "Site Reviews" provided by Gemini Labs contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the develope...

6.1CVSS6AI score0.01309EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/28 12:0 a.m.•38 views

JVN#16471686: WordPress plugin "Email Subscribers & Newsletters" vulnerable to cross-site scripting

The WordPress plugin "Email Subscribers & Newsletters" provided by Icegram contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provid...

6.1CVSS6AI score0.01224EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/24 6:25 a.m.•4 views

The installer of PlayMemories Home for Windows may insecurely load Dynamic Link Libraries

Overview PlayMemories Home for Windows provided by Sony Corporation is Image Management Software. The installer of PlayMemories Home for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Yuji Tounai of NTT Communications...

7.8CVSS7AI score0.01027EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/24 6:15 a.m.•4 views

Susie plug-in "axpdfium" may insecurely load Dynamic Link Libraries

Overview Susie plug-in "axpdfium" contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user running the program where "axpdfium" is used. Solution Update the plug-in Update...

9.3CVSS6.9AI score0.00959EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/24 12:0 a.m.•58 views

JVN#79301396: Susie plug-in "axpdfium" may insecurely load Dynamic Link Libraries

Susie plug-in "axpdfium" contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user running the program where "axpdfium" is used. Solution Update the plug-in Update the plug-...

9.3CVSS7.6AI score0.00959EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/24 12:0 a.m.•68 views

JVN#13940333: The installer of PlayMemories Home for Windows may insecurely load Dynamic Link Libraries

PlayMemories Home for Windows provided by Sony Corporation is Image Management Software. The installer of PlayMemories Home for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the...

7.8CVSS7.7AI score0.01027EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/22 6:26 a.m.•4 views

Multiple cross-site scripting vulnerabilities in Cybozu Mailwise

Overview Cybozu Mailwise contains multiple cross-site scripting vulnerabilities below. Stored cross-site scripting vulnerability in "E-mail Details Screen" CWE-79 - CVE-2018-0557 Reflected cross-site scripting vulnerability in "System settings" CWE-79 - CVE-2018-0558 Reflected cross-site scriptin...

6.1CVSS6AI score0.00809EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/22 5:53 a.m.•4 views

Multiple vulnerabilities in baserCMS

Overview baserCMS provided by baserCMS Users Community is an opensource content management system. baserCMS contains multiple vulnerabilities listed below. Command injection CWE-94 - CVE-2018-0569 Cross-site scripting CWE-79 - CVE-2018-0570 Unrestricted Upload of File with Dangerous Type in uploa...

8.8CVSS8AI score0.01632EPSS
Exploits0References20
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/22 5:30 a.m.•2 views

Multiple vulnerabilities in Cybozu Office

Overview Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Information disclosure in the application "Message" when viewing an external image CWE-200 - CVE-2018-0526 Stored cross-site scripting in "E-mail Details Screen" of the application "E-mail" CWE-79 -...

6.5CVSS6.1AI score0.01069EPSS
Exploits0References26
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/22 12:0 a.m.•47 views

JVN#51737843: Multiple vulnerabilities in Cybozu Office

Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Information disclosure in the application "Message" when viewing an external image CWE-200 - CVE-2018-0526 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N| Base Score:...

6.5CVSS5.4AI score0.01069EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/22 12:0 a.m.•62 views

JVN#67881316: Multiple vulnerabilities in baserCMS

baserCMS provided by baserCMS Users Community is an opensource content management system. baserCMS contains multiple vulnerabilities listed below. Command injection CWE-94 - CVE-2018-0569 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L| Base Score: 6.3 CVS...

8.8CVSS7AI score0.01632EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/22 12:0 a.m.•52 views

JVN#52319657: Multiple cross-site scripting vulnerabilities in Cybozu Mailwise

Cybozu Mailwise contains multiple cross-site scripting vulnerabilities below. Stored cross-site scripting vulnerability in "E-mail Details Screen" CWE-79 - CVE-2018-0557 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

6.1CVSS6.4AI score0.00809EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/21 4:39 a.m.•4 views

Nessus vulnerable to cross-site scripting

Overview Nessus provided by Tenable, Inc. contains a stored cross-site scripting vulnerability CWE-79. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

6.1CVSS5.8AI score0.01148EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/21 12:0 a.m.•87 views

JVN#96954395: Nessus vulnerable to cross-site scripting

Nessus provided by Tenable, Inc. contains a stored cross-site scripting vulnerability CWE-79. Impact Arbitrary JavaScript may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affected...

5.4CVSS5.3AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/17 6:18 a.m.•2 views

Multiple Microsoft Windows applications and installers may insecurely load Dynamic Link Libraries

Overview Multiple Windows applications and installers provided by Microsoft contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries in the same directory where applications and/or installers reside CWE-427. Microsoft states that the root cause of thi...

7.8CVSS7.2AI score0.0513EPSS
Exploits0References16
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/17 5:57 a.m.•2 views

The installer of Visual C++ Redistributable may insecurely load Dynamic Link Libraries

Overview The installer of Visual C++ Redistributable provided Microsoft contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries in the same directory as the installer CWE-427. Microsoft states that the root cause of this vulnerability is "Applicatio...

9.3CVSS7.1AI score0.04589EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/17 5:57 a.m.•5 views

Self-Extracting Archive files created by IExpress may insecurely load Dynamic Link Libraries

Overview Self-extracting archive files created by IExpress provided Microsoft contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Microsoft states that the root cause of this vulnerability is "Application Directory App Dir DLL planting"...

9.3CVSS7AI score0.09044EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/17 12:0 a.m.•70 views

JVN#81196185: The installer of Visual C++ Redistributable may insecurely load Dynamic Link Libraries

The installer of Visual C++ Redistributable provided Microsoft contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries in the same directory as the installer CWE-427. Microsoft states that the root cause of this vulnerability is "Application Directo...

9.3CVSS7.7AI score0.04589EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/17 12:0 a.m.•110 views

JVN#91151862: Multiple Microsoft Windows applications and installers may insecurely load Dynamic Link Libraries

Multiple Windows applications and installers provided by Microsoft contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries in the same directory where applications and/or installers reside CWE-427. Microsoft states that the root cause of this...

7.8CVSS7.8AI score0.0513EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/17 12:0 a.m.•197 views

JVN#72748502: Self-Extracting Archive files created by IExpress may insecurely load Dynamic Link Libraries

Self-extracting archive files created by IExpress provided Microsoft contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Microsoft states that the root cause of this vulnerability is "Application Directory App Dir DLL planting" and attac...

9.3CVSS7.6AI score0.09044EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/11 5:34 a.m.•2 views

KINEPASS App fails to verify SSL server certificates

Overview KINEPASS App provided by T-JOY CO.,LTD fails to verify SSL server certificates. Seigo Yamamoto of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow a...

5.9CVSS6.5AI score0.00873EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/11 5:34 a.m.•2 views

IIJ SmartKey App for Android vulnerable to authentication bypass

Overview IIJ SmartKey App for Android contains an authentication bypass vulnerability. IIJ SmartKey App for Android provided by Internet Initiative Japan Inc. is an application that enables two-step authentication two-factor authentication for a website from an Android device. IIJ SmartKey App fo...

7.5CVSS6.8AI score0.01622EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/11 12:0 a.m.•64 views

JVN#83671755: KINEPASS App fails to verify SSL server certificates

KINEPASS App provided by T・JOY CO.,LTD fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provided by the developer...

5.9CVSS5.3AI score0.00873EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/11 12:0 a.m.•65 views

JVN#27137002: IIJ SmartKey App for Android vulnerable to authentication bypass

IIJ SmartKey App for Android provided by Internet Initiative Japan Inc. is an application that enables two-step authentication two-factor authentication for a website from an Android device. IIJ SmartKey App for Android contains an authentication bypass vulnerability CWE-287. Impact An attacker m...

7.5CVSS7.6AI score0.01622EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/10 6:30 a.m.•1 views

Access Control Vulnerability in Hitachi Infrastructure Analytics Advisor

Overview An Access Control Vulnerability was found in Hitachi Infrastructure Analytics Advisor. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate...

7.5CVSS6.7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/10 4:44 a.m.•3 views

Multiple vulnerabilities in WordPress plugin "Ultimate Member"

Overview The WordPress plugin "Ultimate Member" provided by Ultimate Member contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2018-0585 Directory Traversal in the shortcodes function CWE-22 - CVE-2018-0586 Arbitrary File Upload CWE-434 - CVE-2018-0587 Directory...

7.5CVSS6.5AI score0.02598EPSS
Exploits0References18
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/10 12:0 a.m.•73 views

JVN#28804532: Multiple vulnerabilities in WordPress plugin "Ultimate Member"

The WordPress plugin "Ultimate Member" provided by Ultimate Member contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2018-0585 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...

7.5CVSS5.5AI score0.02598EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/09 6:38 a.m.•3 views

RT-AC68U vulnerable to cross-site scripting

Overview RT-AC68U provided by ASUS Japan Inc. is a wireless LAN router. RT-AC68U contains a cross-site scripting vulnerability CWE-79. Yuto MAEDA of University of Tsukuba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.1CVSS6.1AI score0.00899EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/09 6:37 a.m.•3 views

RT-AC1200HP vulnerable to cross-site scripting

Overview RT-AC1200HP provided by ASUS Japan Inc. is a wireless LAN router. RT-AC1200HP contains a cross-site scripting vulnerability CWE-79. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securi...

6.1CVSS6AI score0.00899EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/09 6:37 a.m.•3 views

RT-AC87U vulnerable to cross-site scripting

Overview RT-AC87U provided by ASUS Japan Inc. is a wireless LAN router. RT-AC87U contains a cross-site scripting vulnerability CWE-79. Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

6.1CVSS6.1AI score0.00899EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/09 12:0 a.m.•35 views

JVN#73742314: RT-AC68U vulnerable to cross-site scripting

RT-AC68U provided by ASUS Japan Inc. is a wireless LAN router. RT-AC68U contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Firmware Apply the firmware update according to the information provided by the...

6.1CVSS6.1AI score0.00899EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/09 12:0 a.m.•49 views

JVN#34562916: RT-AC1200HP vulnerable to cross-site scripting

RT-AC1200HP provided by ASUS Japan Inc. is a wireless LAN router. RT-AC1200HP contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the Firmware Apply the firmware update according to the information...

6.1CVSS6AI score0.00899EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/05/09 12:0 a.m.•43 views

JVN#33901663: RT-AC87U vulnerable to cross-site scripting

RT-AC87U provided by ASUS Japan Inc. is a wireless LAN router. RT-AC87U contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Firmware Apply the firmware update according to the information provided by the...

6.1CVSS6.1AI score0.00899EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/04/27 6:19 a.m.•4 views

The installers of multiple CELSYS,Inc. software may insecurely load Dynamic Link Libraries

Overview The installers of multiple software provided by CELSYS,Inc. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the lates...

8CVSS6.9AI score0.02109EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/04/27 6:1 a.m.•5 views

WordPress plugin "Open Graph for Facebook, Google+ and Twitter Card Tags" vulnerable to cross-site scripting

Overview The WordPress plugin "Open Graph for Facebook, Google+ and Twitter Card Tags" provided by Webdados contains a reflected cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warni...

6.1CVSS5.9AI score0.01085EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/04/27 5:24 a.m.•1 views

WordPress plugin "PixelYourSite" vulnerable to cross-site scripting

Overview The WordPress plugin "PixelYourSite" provided by Minimal Work SRL contains a reflected cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitra...

6.3CVSS5.9AI score0.00766EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/04/27 5:15 a.m.•3 views

WordPress plugin "WP Google Map Plugin" vulnerable to cross-site scripting

Overview The WordPress plugin "WP Google Map Plugin" provided by Flipper Code contains a reflected cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

6.1CVSS6AI score0.01066EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/04/27 5:0 a.m.•2 views

WordPress plugin "Events Manager" vulnerable to cross-site scripting

Overview The WordPress plugin "Events Manager" provided by NetWebLogic contains a stored cross-site scripting vulnerability CWE-79. Daichi Takaki of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University reported this vulnerability to IPA. JPCERT/CC...

5.4CVSS5.8AI score0.01517EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/04/27 12:0 a.m.•61 views

JVN#08386386: WordPress plugin "Open Graph for Facebook, Google+ and Twitter Card Tags" vulnerable to cross-site scripting

The WordPress plugin "Open Graph for Facebook, Google+ and Twitter Card Tags" provided by Webdados contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according t...

6.1CVSS6AI score0.01085EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/04/27 12:0 a.m.•67 views

JVN#68345747: The installers of multiple CELSYS,Inc. software may insecurely load Dynamic Link Libraries

The installers of multiple software provided by CELSYS,Inc. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest install...

7.8CVSS7.7AI score0.02109EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/04/27 12:0 a.m.•56 views

JVN#01040170: WordPress plugin "WP Google Map Plugin" vulnerable to cross-site scripting

The WordPress plugin "WP Google Map Plugin" provided by Flipper Code contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by...

5.4CVSS5.3AI score0.01066EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/04/27 12:0 a.m.•57 views

JVN#85531148: WordPress plugin "Events Manager" vulnerable to cross-site scripting

The WordPress plugin "Events Manager" provided by NetWebLogic contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the...

5.4CVSS5.2AI score0.01517EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/04/27 12:0 a.m.•75 views

JVN#61081552: WordPress plugin "PixelYourSite" vulnerable to cross-site scripting

The WordPress plugin "PixelYourSite" provided by Minimal Work SRL contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the...

5.4CVSS5.3AI score0.00766EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/04/26 6:19 a.m.•3 views

Joruri Gw vulnerable to arbitrary file upload

Overview Joruri Gw provided by SiteBridge Inc. is groupware which runs on Ruby on Rails. Joruri Gw contains a vulnerability that may allow an attacker to upload arbitrary files CWE-434. Shoji Baba of Kobe Digital Labo, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

8.8CVSS7.9AI score0.01721EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/04/26 12:0 a.m.•48 views

JVN#95589314: Joruri Gw vulnerable to arbitrary file upload

Joruri Gw provided by SiteBridge Inc. is groupware which runs on Ruby on Rails. Joruri Gw contains a vulnerability that may allow an attacker to upload arbitrary files CWE-434. Impact A user may upload arbitrary files. When PHP code execution is enabled on the server, a user may execute arbitrary...

8.8CVSS9.1AI score0.01721EPSS
Exploits0
Total number of security vulnerabilities5625