Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/08 12:0 a.m.•21 views

JVN#78482127: EC-CUBE plugin "Social-button Plugin Premium" and "Social-button Plugin" vulnerable to cross-site scripting

EC-CUBE plugin "Social-button Plugin Premium" and "Social-button Plugin" provided by Cyber-Will Inc. contain a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to th...

6.1CVSS6AI score0.01625EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/06 6:29 a.m.•4 views

baserCMS plugin "Casebook Plugin" vulnerable to cross-site request forgery

Overview baserCMS plugin "Casebook Plugin" contains a cross-site request forgery vulnerability CWE-352. Takaesu Isao of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

8.8CVSS6.7AI score0.00629EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/06 6:29 a.m.•5 views

baserCMS plugin "Casebook Plugin" vulnerable to cross-site scripting

Overview baserCMS plugin "Casebook Plugin" contains a cross-site scripting vulnerability CWE-79. Takaesu Isao of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

6.1CVSS6.1AI score0.01009EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/06 6:29 a.m.•2 views

baserCMS plugin "Menubook Plugin" vulnerable to cross-site request forgery

Overview baserCMS plugin "Menubook Plugin" contains a cross-site request forgery vulnerability. CWE-352 Takaesu Isao of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

8.8CVSS6.7AI score0.00629EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/06 6:29 a.m.•4 views

baserCMS plugin "Menubook Plugin" vulnerable to cross-site scripting

Overview baserCMS plugin "Menubook Plugin" contains a cross-site scripting vulnerability. CWE-79 Takaesu Isao of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

6.1CVSS6.1AI score0.01009EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/06 6:29 a.m.•4 views

baserCMS plugin "Recruit Plugin" vulnerable to cross-site request forgery

Overview baserCMS plugin "Recruit Plugin" contains a cross-site request forgery vulnerability. CWE-352 Takaesu Isao of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

8.8CVSS6.7AI score0.00629EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/06 6:29 a.m.•5 views

baserCMS plugin "Recruit Plugin" vulnerable to cross-site scripting

Overview baserCMS plugin "Recruit Plugin" contains a cross-site scripting vulnerability. CWE-79 Takaesu Isao of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

6.1CVSS6.1AI score0.01009EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/06 12:0 a.m.•40 views

JVN#26627848: baserCMS plugin "Menubook Plugin" multiple vulnerabilities

baserCMS plugin "Menubook Plugin" contains multiple vulnerabilities: Cross-site scripting CWE-79 - CVE-2016-1169 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:L/Au:S/C:N/I:P/A:N| Base Score: 4.0 Cross-site request forger...

8.8CVSS7.4AI score0.01009EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/06 12:0 a.m.•35 views

JVN#13288761: baserCMS plugin "Recruit Plugin" multiple vulnerabilities

baserCMS plugin "Recruit Plugin" contains multiple vulnerabilities: Cross-site scripting CWE-79 - CVE-2016-1169 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:L/Au:S/C:N/I:P/A:N| Base Score: 4.0 Cross-site request forgery...

8.8CVSS7.4AI score0.01009EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/06 12:0 a.m.•21 views

JVN#55801246: baserCMS plugin "Casebook Plugin" multiple vulnerabilities

baserCMS plugin "Casebook Plugin" contains multiple vulnerabilities: Cross-site scripting CWE-79 - CVE-2016-1169 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:L/Au:S/C:N/I:P/A:N| Base Score: 4.0 Cross-site request forger...

8.8CVSS7.4AI score0.01009EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/04 6:30 a.m.•4 views

WisePoint contains issue in preventing clickjacking attacks

Overview WisePoint contains an issue in the protection against clickjacking attacks on the management screen. Hiroki Ikemoto of NTT SOFT SERVICE Corp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a user...

6.1CVSS6.5AI score0.01009EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/04 6:30 a.m.•3 views

ActiveX control for EVA Animator vulnerable to buffer overflow

Overview ActiveX control for EVA Animator provided by Sharp Corporation contains a buffer overflow vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...

6.8CVSS7.6AI score0.01147EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/04 6:30 a.m.•4 views

AQUOS Photo Player HN-PP150 vulnerable to cross-site request forgery

Overview AQUOS Photo Player HN-PP150 provided by Sharp Corporation contains a cross-site request forgery vulnerability CWE-352. Junichi MURAKAMI of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact ...

5.8CVSS6.5AI score0.00766EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/04 12:0 a.m.•37 views

JVN#28480773: WisePoint contains issue in preventing clickjacking attacks

WisePoint contains an issue in the protection against clickjacking attacks on the management screen. Impact If a user views a malicious page while logged in, unintended operations may be conducted. Solution Update the Software Update to the latest version according to the information provided by...

6.1CVSS6.1AI score0.01009EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/04 12:0 a.m.•32 views

JVN#47164236: AQUOS Photo Player HN-PP150 vulnerable to cross-site request forgery

AQUOS Photo Player HN-PP150 provided by Sharp Corporation contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page, information such as settings may be altered unintentionaly. Solution Update the Firmware Update to the latest firmware version according ...

5.8CVSS4.5AI score0.00766EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/04 12:0 a.m.•33 views

JVN#41875357: ActiveX control for EVA Animator vulnerable to buffer overflow

ActiveX control for EVA Animator provided by Sharp Corporation contains a buffer overflow vulnerability. Impact If a user views a malicious page, arbitrary code may be executed. Solution Remove ActiveX control for EVA Animator The EVA Animator service ended and the related website for its service...

6.8CVSS6.8AI score0.01147EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/03/30 5:49 a.m.•6 views

Aterm WF800HP vulnerable to cross-site request forgery

Overview Aterm WF800HP provided by NEC Corporation contains a cross-site request forgery vulnerability CWE-352. Satoshi Ogawa of Mitsui Bussan Secure Directions,Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

8.8CVSS6.5AI score0.00629EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/03/30 5:49 a.m.•4 views

Aterm WG300HP vulnerable to cross-site request forgery

Overview Aterm WG300HP provided by NEC Corporation contains a cross-site request forgery vulnerability CWE-352. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

8.8CVSS6.5AI score0.00629EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/03/30 12:0 a.m.•29 views

JVN#07818796: Aterm WF800HP vulnerable to cross-site request forgery

Aterm WF800HP provided by NEC Corporation contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the Firmware Update to the latest firmware version according to the information...

8.8CVSS8.7AI score0.00629EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/03/30 12:0 a.m.•27 views

JVN#82020528: Aterm WG300HP vulnerable to cross-site request forgery

Aterm WG300HP provided by NEC Corporation contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Apply a Workaround The following workaround may mitigate the affects of this...

8.8CVSS8.6AI score0.00629EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/03/24 3:28 a.m.•6 views

WordPress plugin "WP Favorite Posts" vulnerable to cross-site scripting

Overview "WP Favorite Posts" is a plugin for WordPress. WP Favorite Posts contains a cross-site scripting vulnerability. Note that this vulnerability cannot be exploited on the default settings. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC...

6.1CVSS6.1AI score0.01491EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/03/24 12:0 a.m.•29 views

JVN#86517621: WordPress plugin "WP Favorite Posts" vulnerable to cross-site scripting

"WP Favorite Posts" is a plugin for WordPress. WP Favorite Posts contains a cross-site scripting vulnerability. Note that this vulnerability cannot be exploited on the default settings. Impact An arbitrary script may be executed on the user's web browser. Solution Update the plugin Update to the...

6.1CVSS6AI score0.01491EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/03/07 8:0 a.m.•4 views

Information Disclosure Vulnerability in Hitachi Compute Systems Manager

Overview An Information Disclosure Vulnerability was found in Hitachi Compute Systems Manager. Impact An attacker might exploit this vulnerability to obtain sensitive session information. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriat...

3.5CVSS6.2AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/03/02 5:52 a.m.•6 views

Multiple Corega wireless LAN routers vulnerable to cross-site request forgery

Overview Multiple wireless LAN routers provided by Corega Inc contain a cross-site request forgery vulnerability CWE-352. Yutaka Kokubu and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. and Ueki Shuya reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

8.8CVSS6.7AI score0.00616EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/03/02 12:0 a.m.•35 views

JVN#59349382: Multiple Corega wireless LAN routers vulnerable to cross-site request forgery

Multiple wireless LAN routers provided by Corega Inc contain a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged into the management screen, various administrative functions may be performed. Solution Apply a workaround The following workaround...

8.8CVSS8.8AI score0.00616EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/25 7:9 a.m.•4 views

Remote File Inclusion Vulnerability in Hitachi Command Suite

Overview A Remote File Inclusion Vulnerability was found in Hitachi Command Suite. Impact Malicious attacker might exploit this vulnerability to load external files into a browser. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate actio...

3.4CVSS6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/22 5:56 a.m.•5 views

Log-Chat vulnerable to cross-site scripting

Overview Log-Chat provided by Script contains a stored cross-site scripting vulnerability CWE-79. Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

6.1CVSS5.9AI score0.01009EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/22 12:0 a.m.•35 views

JVN#93535632: Log-Chat vulnerable to cross-site scripting

Log-Chat provided by Script contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products Affected Log-Ch...

6.1CVSS6AI score0.01009EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/19 5:43 a.m.•9 views

LINE for Windows and LINE for Mac OS vulnerable to denial-of-service (DoS)

Overview LINE for Windows and LINE for Mac OS contain a denial-of-service DoS vulnerability due to an issue in displaying the Timeline. Jun Kokatsu of KDDI Singapore Dubai Branch reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5.7CVSS6.5AI score0.01071EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/19 5:42 a.m.•3 views

EC-CUBE plugin "Help plug-in" vulnerable to SQL injection

Overview EC-CUBE plugin "Help plug-in" provided by Cuore contains an SQL injection vulnerability CWE-89. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

9.1CVSS7.6AI score0.01361EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/19 5:39 a.m.•6 views

Internet Explorer cross-domain policy bypass

Overview Internet Explorer contains a flaw that may allow an attacker to bypass cross-domain policies. Yosuke HASEGAWA of Secure Sky Technology Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When a...

9.3CVSS6.5AI score0.19238EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/19 5:39 a.m.•7 views

baserCMS vulnerable to OS command injection

Overview baserCMS is an open-source Contents Management System CMS. baserCMS contains an OS command injection vulnerability CWE-78. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary OS...

6.5CVSS7.3AI score0.01056EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/19 12:0 a.m.•43 views

JVN#78383854: Internet Explorer cross-domain policy bypass

Internet Explorer contains an information disclosure vulnerability due to a flaw in handling cross-domain policies. Impact When a specially crafted content is opened, cross-domain policies may be bypassed and then information of the URL that the user is accessing may be obtained by an attacker...

9.3CVSS8.1AI score0.19238EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/19 12:0 a.m.•28 views

JVN#46044093: LINE for Windows and LINE for Mac OS vulnerable to denial-of-service (DoS)

LINE for Windows and LINE for Mac OS contain a denial-of-service DoS vulnerability due to an issue in displaying the Timeline. Impact By displaying a specially crafted post in Timeline, the product may be abnormally terminated. Solution Update the software Update to the latest version according t...

5.7CVSS5.4AI score0.01071EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/19 12:0 a.m.•41 views

JVN#31524757: EC-CUBE plugin "Help plug-in" vulnerable to SQL injection

EC-CUBE plugin "Help plug-in" provided by Cuore contains an SQL injection vulnerability CWE-89. Impact Information stored in the database may be obtained or altered by a remote attacker. Solution Update the plugin Update to the latest version according to the information provided by the developer...

9.1CVSS9.4AI score0.01361EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/19 12:0 a.m.•23 views

JVN#69854312: baserCMS vulnerable to OS command injection

baserCMS is an open-source Contents Management System CMS. baserCMS contains an OS command injection vulnerability CWE-78. Impact An arbitrary OS command may be executed on the server by a logged in attacker. Solution Update the Software Update to the latest version according to the information...

6.5CVSS6.6AI score0.01056EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/15 7:21 a.m.•2 views

Cybozu Office vulnerable to cross-site scripting

Overview Cybozu Office contains a cross-site scripting vulnerability CWE-79 in multiple functions. Masato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc...

6.1CVSS6.1AI score0.01069EPSS
Exploits0References18
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/15 7:20 a.m.•3 views

Cybozu Office vulnerable to open redirect

Overview Cybozu Office contains an open redirect vulnerability in network functions. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update to the latest...

7.4CVSS6.6AI score0.01254EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/15 7:20 a.m.•4 views

Cybozu Office vulnerable to cross-site request forgery

Overview Cybozu Office contains a cross-site request forgery vulnerability CWE-352 in multiple functions. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the Software Update to the latest version according to the information provide...

8.8CVSS6.6AI score0.00629EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/15 6:45 a.m.•4 views

Cybozu Office access restriction bypass vulnerability

Overview Cybozu Office contains an access restriction bypass vulnerability in multiple functions. Impact A remote unauthenticated attacker may view the information about the groupware. An authenticated attacker may obtain privileged information or may cause specific functions to become unusable...

5.5CVSS6.8AI score0.01164EPSS
Exploits0References14
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/15 6:44 a.m.•2 views

Cybozu Office vulnerable to information disclosure

Overview Cybozu Office contains an information disclosure vulnerability. Note that this vulnerability is different from JVN28042424. Impact If a user views a malicious page while logged in, token used for cross-site request forgery CSRF protection may be disclosed. As a result, an attacker who...

4.3CVSS6.3AI score0.01154EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/15 6:44 a.m.•2 views

Cybozu Office vulnerable to information disclosure

Overview Cybozu Office contains an information disclosure vulnerability in the mail function. Note that this vulnerability is different from JVN47296923. Impact When a specially crafted mail is opened, images files accessible by authenticated users may be obtained by a third-party. Solution Updat...

5CVSS6.1AI score0.01166EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/15 6:43 a.m.•3 views

Cybozu Office vulnerable to denial-of-service (DoS)

Overview Cybozu Office contains a denial-of-service DoS vulnerability due to an issue in "customapp". Impact An authenticated attacker may cause a denial-of-service DoS condition which all users can not use the system. Solution Update the Software Update to the latest version according to the...

6.8CVSS6.5AI score0.01609EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/15 12:56 a.m.•3 views

Microsoft Producer for Microsoft Office PowerPoint vulnerable to cross-site scripting

Overview Microsoft Producer for Microsoft Office PowerPoint may create a web page which contains a DOM-based cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Microsoft Producer for Microsoft Office PowerPoint...

4.7CVSS6.2AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/15 12:0 a.m.•36 views

JVN#20246313: Cybozu Office vulnerable to denial-of-service (DoS)

Cybozu Office contains a denial-of-service DoS vulnerability due to an issue in "customapp". Impact An authenticated attacker may cause a denial-of-service DoS condition which all users can not use the system. Solution Update the Software Update to the latest version according to the information...

6.8CVSS6.4AI score0.01609EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/15 12:0 a.m.•33 views

JVN#71428831: Cybozu Office vulnerable to open redirect

Cybozu Office contains an open redirect vulnerability in network functions. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update to the latest version...

7.4CVSS7.3AI score0.01254EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/15 12:0 a.m.•32 views

JVN#28042424: Cybozu Office vulnerable to information disclosure

Cybozu Office contains an information disclosure vulnerability in the mail function. Impact When a specially crafted mail is opened, images files accessible by authenticated users may be obtained by a third-party. Solution Update the Software Update to the latest version according to the...

4.3CVSS4.2AI score0.01166EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/15 12:0 a.m.•34 views

JVN#47296923: Cybozu Office vulnerable to information disclosure

Cybozu Office contains an information disclosure vulnerability. Impact If a user views a malicious page while logged in, token used for cross-site request forgery CSRF protection may be disclosed. As a result, an attacker who obtains the CSRF token can perform further attacks. Solution Update the...

4.3CVSS4.7AI score0.01154EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/15 12:0 a.m.•27 views

JVN#69278491: Cybozu Office vulnerable to cross-site scripting

Cybozu Office contains a cross-site scripting vulnerability CWE-79 in multiple functions. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affected Cyboz...

6.1CVSS5.9AI score0.01069EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/15 12:0 a.m.•37 views

JVN#48720230: Cybozu Office access restriction bypass vulnerability

Cybozu Office contains an access restriction bypass vulnerability in multiple functions. Impact A remote unauthenticated attacker may view the information about the groupware. An authenticated attacker may obtain privileged information or may cause specific functions to become unusable. Solution...

5.5CVSS5.6AI score0.01164EPSS
Exploits0
Total number of security vulnerabilities5625