Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/07 7:26 a.m.•4 views

Apache Struts 1 vulnerability that allows unintended remote operations against components on memory

Overview The Apache Sturts 1 ActionForm contains a vulnerability which allows unintended remote operations against components on server memory, such as Servlets and ClassLoader, when the following 2 conditions are met: Condition 1: When the following ActionForm including its subclasses are in the...

8.1CVSS9AI score0.13122EPSS
Exploits0References18
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/07 12:0 a.m.•37 views

JVN#74659077: TERASOLUNA Server Framework for Java(WEB) access restriction bypass vulnerability in the file extention filter

The TERASOLUNA Server Framework for JavaWEB provided by NTT Data Corporation is a software framework for creating web applications. The TERASOLUNA Server Framework for JavaWEB has a function to restrict access to contents with specified file extentions from browser requests. This function may be...

4.3CVSS4.2AI score0.01771EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/07 12:0 a.m.•47 views

JVN#03188560: Apache Struts 1 vulnerability that allows unintended remote operations against components on memory

The Apache Sturts 1 ActionForm contains a vulnerability which allows unintended remote operations against components on server memory, such as Servlets and ClassLoader, when the following 2 conditions are met: Condition 1: When the following ActionForm including its subclasses are in the session...

8.1CVSS8.5AI score0.13122EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/07 12:0 a.m.•47 views

JVN#65044642: Apache Struts 1 vulnerable to input validation bypass

The Apache Struts 1 Validator contains a vulnerability where input validation configurations validation rules, error messages, etc. may be modified. This occurs when the following ActionForm including its subclasses are in the session scope. ValidatorForm ValidatorActionForm Impact Effects vary...

8.2CVSS7.9AI score0.25737EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/02 7:18 a.m.•5 views

Trend Micro enterprise products HTTP header injection vulnerability

Overview Multiple enterprise products provided by Trend Micro Incorporated contain a HTTP header injection vulnerability. According to the developer, exploiting the vulnerability requires access to the LAN environment of the user. Trend Micro Incorporated reported this vulnerability to JPCERT/CC ...

6.1CVSS7.2AI score0.01589EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/02 7:18 a.m.•2 views

Trend Micro Internet Security vulnerable to arbitrary script execution

Overview Trend Micro Internet Security provided by Trend Micro Incorporated contains a vulnerability that may allow arbitrary script execution. According to the developer, attempts to exploit the vulnerability will not succeed from external networks when the default settings are used. Trend Micro...

6.1CVSS6.9AI score0.01636EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/02 7:18 a.m.•4 views

Trend Micro enterprise products directory traversal vulnerability

Overview Multiple enterprise products provided by Trend Micro Incorporated contain a directory traversal vulnerability. According to the developer, exploiting the vulnerability requires access to the LAN environment of the user. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to...

5.3CVSS6.8AI score0.04168EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/02 7:18 a.m.•5 views

Trend Micro Internet Security access restriction flaw

Overview Trend Micro Internet Security provided by Trend Micro Incorporated contains an access restriction flaw. According to the developer, attempts to exploit the vulnerability will not succeed from external networks when the default settings are used. Trend Micro Incorporated reported this...

6.5CVSS6.7AI score0.03462EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/02 12:0 a.m.•35 views

JVN#48789425: Trend Micro Internet Security multiple vulnerabilities

Trend Micro Internet Security provided by Trend Micro Incorporated contains the following vulnerabilities. Access Restriction Flaw - CVE-2016-1225 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N| Base Score: 5.3 CVSS v2| AV:N/AC:L/Au:N/C:P/I:N/A:N| Base...

6.5CVSS6.8AI score0.03462EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/02 12:0 a.m.•33 views

JVN#48847535: Trend Micro enterprise products multiple vulnerabilities

Multiple enterprise products provided by Trend Micro Incorporated contain the following vulnerabilities. Directory Traversal - CVE-2016-1223 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N| Base Score: 4.3 CVSS v2| AV:A/AC:L/Au:N/C:P/I:N/A:N| Base Score:...

6.1CVSS6.3AI score0.04168EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 7:18 a.m.•7 views

Cybozu Garoon logging function vulnerable to directory traversal

Overview Cybozu Garoon is a groupware. Cybozu Garoon contains a directory traversal vulnerability in the logging function. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early...

4.3CVSS6.5AI score0.01455EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 7:18 a.m.•4 views

Cybozu Garoon function "MultiReport" vulnerable to access restriction bypass

Overview Cybozu Garoon is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability in the function "MultiReport". Yuji Tounai of NTT Com Security Japan KK reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution...

6.5CVSS6.5AI score0.01056EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 7:18 a.m.•3 views

Cybozu Garoon function "Portlets" vulnerable to access restriction bypass

Overview Cybozu Garoon is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability in the function "Portlets". Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact A user may create a portlet which does not belong any...

8.1CVSS6.5AI score0.0123EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 7:18 a.m.•5 views

Cybozu Garoon fails to restrict access permissions

Overview Cybozu Garoon is a groupware. Cybozu Garoon fails to restrict access permissions in the mail function. Note that this vulnerability is different from JVN33879831. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc...

5CVSS6.5AI score0.01298EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 7:18 a.m.•3 views

Cybozu Garoon vulnerable to cross-site scripting

Overview Cybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN37121456. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated...

5.4CVSS6AI score0.00802EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 7:18 a.m.•5 views

Cybozu Garoon vulnerable to cross-site scripting

Overview Cybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN49285177. Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this...

6.1CVSS6AI score0.01009EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 7:18 a.m.•5 views

Cybozu Garoon fails to restrict access permissions

Overview Cybozu Garoon is a groupware. Cybozu Garoon fails to restrict access permissions in the API to retrieve the Address Book information. Note that this vulnerability is different from JVN53542912. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through...

4.3CVSS6.5AI score0.01038EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 7:18 a.m.•3 views

Cybozu Garoon vulnerable to open redirect

Overview Cybozu Garoon is a groupware. Cybozu Garoon contains an open redirect vulnerability. Jun Kokatsu of KDDI Singapore Dubai Branch reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC an...

7.4CVSS6.6AI score0.01789EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 7:18 a.m.•5 views

Cybozu Garoon vulnerable to denial-of-service (DoS)

Overview Cybozu Garoon is a groupware. Cybozu Garoon contains a denial-of-service DoS vulnerability. ixama reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated und...

6.5CVSS6.6AI score0.01808EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 7:18 a.m.•7 views

Cybozu Garoon vulnerable to information disclosure

Overview Cybozu Garoon is a groupware. Cybozu Garoon contains an information disclosure vulnerability in the mail function. Masato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC...

7.5CVSS6.1AI score0.01552EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 7:18 a.m.•4 views

Cybozu Garoon function "Files" vulnerable to directory traversal

Overview Cybozu Garoon is a groupware. Cybozu Garoon contains a directory traversal vulnerability in the function "Files". Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early...

5.3CVSS6.8AI score0.01912EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 7:18 a.m.•4 views

Cybozu Garoon mail function vulnerable to access restriction bypass

Overview Cybozu Garoon is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability in the mail function. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact A spoofed e-mail may be sent by a user. Solution Update the...

6.5CVSS6.6AI score0.01139EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 5:21 a.m.•6 views

DMM.com Securities FX Apps for Android fail to verify SSL server certificates

Overview Multiple Android Applications provided by DMM.com Securities Co.,Ltd. fail to verify SSL server certificates. Gaku Taniguchi of RiskFinder,inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

5.9CVSS6.5AI score0.00928EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 5:7 a.m.•3 views

Source code of Old_GSI_Maps prior to January, 2015 vulnerable to directory traversal

Overview kml2jsonp.php contained in source code of OldGSIMaps prior to January, 2015 provided by the Geospatial Information Authority of Japan GSI contains a directory traversal vulnerability CWE-22. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

7.5CVSS7AI score0.02181EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 12:0 a.m.•36 views

JVN#26298347: Cybozu Garoon vulnerable to denial-of-service (DoS)

Cybozu Garoon is a groupware. Cybozu Garoon contains a denial-of-service DoS vulnerability. Impact An attacker may be able to cause a denial-of-service DoS that consumes system resources. Solution Update the Software Update to the latest version according to the information provided by the...

6.5CVSS6.6AI score0.01808EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 12:0 a.m.•35 views

JVN#37121456: Cybozu Garoon vulnerable to cross-site scripting

Cybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products...

6.1CVSS5.8AI score0.01009EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 12:0 a.m.•35 views

JVN#49285177: Cybozu Garoon vulnerable to cross-site scripting

Cybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products...

5.4CVSS5.4AI score0.00802EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 12:0 a.m.•37 views

JVN#33879831: Cybozu Garoon fails to restrict access permissions

Cybozu Garoon is a groupware. Cybozu Garoon fails to restrict access permissions in the API to retrieve the Address Book information. Impact A user may obtain other user's Address Book information. Solution Update the Software Update to the latest version according to the information provided by...

4.3CVSS4.7AI score0.01038EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 12:0 a.m.•38 views

JVN#14749391: Multiple directory traversal vulnerabilities in Cybozu Garoon

Cybozu Garoon is a groupware. Cybozu Garoon contains following multiple directory traversal vulnerabilities. Directory traversal in the function "Files" - CVE-2016-1191 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N| Base Score: 5.3 CVSS v2|...

5.3CVSS5.3AI score0.01912EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 12:0 a.m.•37 views

JVN#13794955: Source code of Old_GSI_Maps prior to January, 2015 vulnerable to directory traversal

kml2jsonp.php contained in source code of OldGSIMaps prior to January, 2015 provided by the Geospatial Information Authority of Japan GSI contains a directory traversal vulnerability CWE-22. Impact When the product is used in Windows, a remote attacker may obtain arbitrary files from the server...

7.5CVSS7.6AI score0.02181EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 12:0 a.m.•37 views

JVN#40898764: DMM.com Securities FX Apps for Android fail to verify SSL server certificates

Multiple Android Applications provided by DMM.com Securities Co.,Ltd. fail to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the informati...

5.9CVSS5.5AI score0.00928EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 12:0 a.m.•39 views

JVN#25765762: Cybozu Garoon vulnerable to information disclosure

Cybozu Garoon is a groupware. Cybozu Garoon contains an information disclosure vulnerability in the mail function. Impact By sending a specially crafted email, an attacker may be convinced that the user read the email. Solution Update the Software Update to the latest version according to the...

7.5CVSS7.2AI score0.01552EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 12:0 a.m.•28 views

JVN#32218514: Cybozu Garoon vulnerable to open redirect

Cybozu Garoon is a groupware. Cybozu Garoon contains an open redirect vulnerability. Impact When accessing a specially crafted URL, a user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update to the latest...

7.4CVSS7.5AI score0.01789EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 12:0 a.m.•46 views

JVN#18975349: Multiple access restriction bypass vulnerabilities in Cybozu Garoon

Cybozu Garoon is a groupware. Cybozu Garoon contains multiple access restriction bypass vulnerabilities below. Operation restriction bypass in the mail function - CVE-2016-1188 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N| Base Score: 4.3 CVSS v2|...

8.1CVSS7AI score0.0123EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 12:0 a.m.•36 views

JVN#53542912: Cybozu Garoon fails to restrict access permissions

Cybozu Garoon is a groupware. Cybozu Garoon fails to restrict access permissions in the mail function. Impact An unintentional image file may be displayed on the mail view. As a result, an attacker may be convinced that the user read the email. Solution Update the Software Update to the latest...

4.3CVSS4.3AI score0.01298EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/27 4:54 a.m.•4 views

WebARENA formmail vulnerable to cross-site scripting

Overview formmail used for the WebARENA Service provided by NTT PC Communications Incorporated contains a cross-site scripting vulnerability CWE-79. OHTA, Yoshinori of Business Architects Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

6.1CVSS6AI score0.0102EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/27 4:53 a.m.•6 views

Multiple Buffalo wireless LAN routers vulnerable to directory traversal

Overview Multiple wireless LAN routers provided by BUFFALO INC. contain a directory traversal vulnerability CWE-22. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

7.5CVSS6.8AI score0.02181EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/27 4:53 a.m.•4 views

Multiple Buffalo wireless LAN routers vulnerable to information disclosure

Overview Multiple Buffalo wireless LAN routers contain an information disclosure vulnerability. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

6.5CVSS6.7AI score0.01434EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/27 4:51 a.m.•4 views

Japan Connected-free Wi-Fi vulnerable to API execution

Overview Japan Connected-free Wi-Fi provided by NTT Broadband Platform, Inc. contains a vulnerability which allows an arbitrary API to be executed by a man-in-the-middle attacker. Kenta Suefusa and Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

5.6CVSS6.8AI score0.00782EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/27 4:46 a.m.•5 views

H2O use-after-free vulnerability

Overview H2O is an open source web server software. H2O contains a use-after-free vulnerability. Kazuho Oku reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Kazuho Oku coordinated under the Information Security Early Warning Partnership. Impact An...

7.5CVSS6.6AI score0.04448EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/27 12:0 a.m.•42 views

JVN#81698369: Multiple Buffalo wireless LAN routers vulnerable to directory traversal

Multiple wireless LAN routers provided by BUFFALO INC. contain a directory traversal vulnerability CWE-22. Impact Arbitrary files on the server may be viewed by an attacker who can access the product. Solution Update the Firmware Apply the appropriate firmware update provided by the developer...

7.5CVSS7.6AI score0.02181EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/27 12:0 a.m.•37 views

JVN#46888319: Japan Connected-free Wi-Fi vulnerable to API execution

Japan Connected-free Wi-Fi provided by NTT Broadband Platform, Inc. contains a vulnerability which allows an arbitrary API to be executed by a man-in-the-middle attacker. Impact Android version of this app may allow an arbitrary API to be executed if permissions to execute that API are granted in...

5.6CVSS5.3AI score0.00782EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/27 12:0 a.m.•25 views

JVN#75813272: Multiple Buffalo wireless LAN routers vulnerable to information disclosure

Multiple Buffalo wireless LAN routers contain an information disclosure vulnerability. Impact Information such as authentication credentials may be disclosed by an unauthenticated remote attacker. Solution Update the Firmware Apply the appropriate firmware update provided by the developer. Produc...

6.5CVSS6.7AI score0.01434EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/27 12:0 a.m.•28 views

JVN#87859762: H2O use-after-free vulnerability

H2O is an open source web server software. H2O contains a use-after-free vulnerability. Impact An attacker may cause a denial-of-service DoS condition by sending a specially crafted packet. Solution Update the Software Update to the latest version according to the information provided by the...

7.5CVSS7.5AI score0.04448EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/27 12:0 a.m.•32 views

JVN#24143619: WebARENA formmail vulnerable to cross-site scripting

formmail used for the WebARENA Service provided by NTT PC Communications Incorporated contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information...

6.1CVSS6.1AI score0.0102EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/26 5:30 a.m.•6 views

NetCommons vulnerable to privilege escalation

Overview NetCommons provided by the NetCommons Project contains a privilege escalation vulnerability. Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A user wi...

9CVSS6.8AI score0.01889EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/26 12:0 a.m.•38 views

JVN#00460236: NetCommons vulnerable to privilege escalation

NetCommons provided by the NetCommons Project contains a privilege escalation vulnerability. Impact A user with secretariat privileges "CLERK" may create a user with system administrator privileges "SYSTEMADMIN". Solution Update the Software Update the software according to the information provid...

9CVSS8.8AI score0.01889EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/25 5:37 a.m.•4 views

WordPress plugin "Markdown on Save Improved" vulnerable to cross-site scripting

Overview The WordPress plugin "Markdown on Save Improved" contains a stored cross-site scripting CWE-79 vulnerability. Kenta Yamamoto of Cryptography Laboratory,Department of Information and Communication Engineering, Graduate School of Tokyo Denki University reported this vulnerability to IPA...

6.1CVSS5.9AI score0.01511EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/25 12:0 a.m.•19 views

JVN#26026353: WordPress plugin "Markdown on Save Improved" vulnerable to cross-site scripting

The WordPress plugin "Markdown on Save Improved" contains a stored cross-site scripting CWE-79 vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the plugin Update the plugin according to the information provided by the developer. While the...

6.1CVSS6.1AI score0.01511EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/24 7:43 a.m.•4 views

Cross-site Scripting Vulnerability in Hitachi Tuning Manager

Overview A cross-site scripting vulnerability was found in Hitachi Tuning Manager. Impact Remote users can exploit this vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

4.7CVSS6.3AI score
Exploits0References2
Total number of security vulnerabilities5625