Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/15 12:0 a.m.•27 views

JVN#75851252: "Honda Moto LINC" App for Android fails to verify SSL server certificates

"Honda Moto LINC" App for Android fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the developer. Products...

5.9CVSS5.5AI score0.00696EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/14 4:39 a.m.•5 views

Cacti vulnerable to SQL injection

Overview Cacti is a web application that graphs stored data collected from network devices. Cacti contains a SQL injection vulnerability due to a flaw in processing user input values for 'localgraphid' in graph.php. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IP...

6.5CVSS7.3AI score0.01084EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/14 12:0 a.m.•39 views

JVN#18957556: Cacti vulnerable to SQL injection

Cacti is a web application that graphs stored data collected from network devices. Cacti contains a SQL injection vulnerability due to a flaw in processing user input values for 'localgraphid' in graph.php. Impact Arbitrary SQL queries may be injected in the back-end database by a remote...

6.5CVSS6.5AI score0.01084EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/12 5:7 a.m.•1 views

MailDealer vulnerable to cross-site scripting

Overview MailDealer provided by RAKUS Co.,Ltd. contains a persistent cross-site scripting CWE-79 vulnerability due to a flaw in processing file names of attachments. Keigo YAMAZAKI of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

5CVSS6AI score0.01171EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/12 12:0 a.m.•26 views

JVN#20133698: MailDealer vulnerable to cross-site scripting

MailDealer provided by RAKUS Co.,Ltd. contains a persistent cross-site scripting CWE-79 vulnerability due to a flaw in processing file names of attachments. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to...

4.3CVSS5.8AI score0.01171EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/01 5:0 a.m.•2 views

EasyCTF vulnerable to session management

Overview EasyCTF is a server side CGI used to score CTF Capture The Flag. EasyCTF contains a vulnerability in session management CWE-639. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A remote...

5CVSS6.6AI score0.01704EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/01 4:49 a.m.•2 views

EasyCTF vulnerable to cross-site scripting

Overview EasyCTF is a server side CGI used to score CTF Capture The Flag. EasyCTF contains a cross-site scripting vulnerability CWE-79 that can be leveraged by an attacker created account. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

3.5CVSS6AI score0.00954EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/01 4:37 a.m.•2 views

EasyCTF vulnerable to arbitrary file creation

Overview EasyCTF is a server side CGI used to score CTF Capture The Flag. EasyCTF contains a vulnerability that may allow a remote attacker to create arbitrary files CWE-22. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

6.5CVSS7.2AI score0.01255EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/01 12:0 a.m.•34 views

JVN#96439865: EasyCTF vulnerable to session management

EasyCTF is a server side CGI used to score CTF Capture The Flag. EasyCTF contains a vulnerability in session management CWE-639. Impact A remote attacker without login credentials may log in. As a result, information may be disclosed. Solution Update the Software Update to the latest version...

5CVSS6.4AI score0.01704EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/01 12:0 a.m.•31 views

JVN#07538357: EasyCTF vulnerable to cross-site scripting

EasyCTF is a server side CGI used to score CTF Capture The Flag. EasyCTF contains a cross-site scripting vulnerability CWE-79 that can be leveraged by an attacker created account. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the late...

3.5CVSS5.9AI score0.00954EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/05/01 12:0 a.m.•24 views

JVN#67520407: EasyCTF vulnerable to arbitrary file creation

EasyCTF is a server side CGI used to score CTF Capture The Flag. EasyCTF contains a vulnerability that may allow a remote attacker to create arbitrary files CWE-22. Impact An arbitrary file created by an attacker may result in arbitrary code being executed on the server. Solution Update the...

6.5CVSS6.9AI score0.01255EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/04/23 5:12 a.m.•2 views

TransmitMail vulnerable to directory traversal

Overview TransmitMail is a PHP based mail form. TransmitMail contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer und...

5CVSS6.9AI score0.01866EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/04/23 4:47 a.m.•2 views

TransmitMail vulnerable to cross-site scripting

Overview TransmitMail is a PHP based mail form. TransmitMail contains a cross-site scripting CWE-79 vulnerability due to the processing of file names. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

4.3CVSS6.1AI score0.01122EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/04/23 12:0 a.m.•38 views

JVN#26860747: TransmitMail vulnerable to cross-site scripting

TransmitMail is a PHP based mail form. TransmitMail contains a cross-site scripting CWE-79 vulnerability due to the processing of file names. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the informatio...

4.3CVSS6AI score0.01122EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/04/23 12:0 a.m.•27 views

JVN#41653647: TransmitMail vulnerable to directory traversal

TransmitMail is a PHP based mail form. TransmitMail contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote attacker may view arbitrary files on the server. Solution Update the Software Update to the latest version according to t...

5CVSS6.6AI score0.01866EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/04/14 4:24 a.m.•5 views

JBoss RichFaces vulnerable to remote Java code execution

Overview JBoss RichFaces contains a remote Java code execution vulnerability. JBoss RichFaces is an Ajax-enabled component library for JavaServer Faces JSF. JBoss RichFaces contains a flaw in parsing the do parameter, which may result in arbitrary Java code execution. Takeshi Terada of Mitsui...

7.5CVSS7.8AI score0.03929EPSS
Exploits1References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/04/14 12:0 a.m.•49 views

JVN#56297719: JBoss RichFaces vulnerable to remote Java code execution

JBoss RichFaces is an Ajax-enabled component library for JavaServer Faces JSF. JBoss RichFaces contains a flaw in parsing the do parameter, which may result in arbitrary Java code execution. Impact When a specially crafted input is processed, arbitrary Java code may be executed on the application...

6.8CVSS9.3AI score0.03929EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/04/10 5:38 a.m.•4 views

Seasar S2Struts vulnerable to input validation bypass

Overview Seasar S2Struts provided by The Seasar Foundation is a software framework for developing Java web applications. Seasar S2Struts is vulnerable to an issue contained in the Apache Struts 1 Validator, because S2Struts 1.2.x uses Apache Struts 1.2.x, and S2Struts 1.3.x uses Apache Struts...

7.5CVSS8.4AI score0.21261EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/04/10 12:0 a.m.•36 views

JVN#91383083: Seasar S2Struts vulnerable to input validation bypass

The Validator in Apache Struts 1.1 and later contains a function MPV -- Multi Page Validator to efficiently define rules for input validation across multiple pages during screen transitions. The MPV contains a vulnerability where input validation may be bypassed. When the Apache Struts 1 Validato...

7.5CVSS7.5AI score0.21261EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/04/09 4:59 a.m.•11 views

Lhaplus vulnerable to remote code execution

Overview Lhaplus is a file compression/decompression software. Lhaplus contains a remote code execution vulnerability. Masato Kinugawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Decompressing a speciall...

6.8CVSS8.3AI score0.02758EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/04/09 4:57 a.m.•4 views

Lhaplus vulnerable to directory traversal

Overview Lhaplus is a file compression/decompression software. Lhaplus contains an issue in processing file names, which may result in a directory traversal vulnerability. akirayou of Nico-TECH reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

5.8CVSS6.7AI score0.0156EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/04/09 12:0 a.m.•33 views

JVN#12329472: Lhaplus vulnerable to remote code execution

Lhaplus is a file compression/decompression software. Lhaplus contains a remote code execution vulnerability. Impact Decompressing a specially crafted file name may result in an arbitrary code execution. Solution Update the Software Update to the latest version according to the information provid...

6.8CVSS7.5AI score0.02758EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/04/09 12:0 a.m.•23 views

JVN#02527990: Lhaplus vulnerable to directory traversal

Lhaplus is a file compression/decompression software. Lhaplus contains an issue in processing file names, which may result in a directory traversal vulnerability. Impact Decompressing a file with a specially crafted file name may result in a creation of an arbitrary file or an overwrite of an...

5.8CVSS6.4AI score0.0156EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/04/07 3:12 a.m.•3 views

bBlog vulnerable to cross-site request forgery

Overview bBlog is weblog software. bBlog contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Do not use bBlog bBlog is no longer being developed or maintained. It is recommended to...

6.8CVSS6.7AI score0.00992EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/04/07 12:0 a.m.•25 views

JVN#71903938: bBlog vulnerable to cross-site request forgery

bBlog is weblog software. bBlog contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Do not use bBlog bBlog is no longer being developed or maintained. It is recommended to stop using...

6.8CVSS6.5AI score0.00992EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/04/03 4:36 a.m.•1 views

"Restaurant Karaoke SHIDAX" App for Android fails to verify SSL server certificates

Overview "Restaurant Karaoke SHIDAX" App for Android fails to verify SSL server certificates. Yasuyuki KOBAYASHI reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an attack...

5.9CVSS6.5AI score0.00752EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/04/03 12:0 a.m.•37 views

JVN#68819526: "Restaurant Karaoke SHIDAX" App for Android fails to verify SSL server certificates

"Restaurant Karaoke SHIDAX" App for Android fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the developer...

5.9CVSS5.5AI score0.00752EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/04/02 3:30 a.m.•1 views

Maruo Editor vulnerable to buffer overflow

Overview Maruo Editor provided by Saitoh Kikaku contains a buffer overflow vulnerability due to a flaw in processing a specially crafted .hmbook file CWE-119. Masato Kinugawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

7.5CVSS7.5AI score0.03153EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/04/02 12:0 a.m.•35 views

JVN#58784309: Maruo Editor vulnerable to buffer overflow

Maruo Editor provided by Saitoh Kikaku contains a buffer overflow vulnerability due to a flaw in processing a specially crafted .hmbook file CWE-119. Impact By processing a specially crafted .hmbook file, arbitrary code may be executed. Solution Update the Software Update to the latest version...

7.5CVSS7.2AI score0.03153EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/31 4:48 a.m.•1 views

All in One SEO Pack information management vulnerability

Overview All in One SEO Pack is a WordPress plugin. All in One SEO Pack automatically adds a meta tag "Meta Description" to a page using some part of its contents, and this behavior is enabled in the initial configuration. Meta Description can be added even when a page is password-protected,...

5CVSS6.5AI score0.03029EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/31 12:0 a.m.•221 views

JVN#75615300: All in One SEO Pack information management vulnerability

All in One SEO Pack is a WordPress plugin. All in One SEO Pack automatically adds a meta tag "Meta Description" to a page using some part of its contents, and this behavior is enabled in the initial configuration. Meta Description can be added even when a page is password-protected, therefore som...

5CVSS6.1AI score0.03029EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/27 5:12 a.m.•1 views

Android OS may behave as an open resolver

Overview A device that runs as a DNS cache server, which responds to any recursive DNS queries that are received is referred to as an open resolver. Android OS contains an issue where it may behave as an open resolver when the tethering function is enabled. Yasuhiro Orange Morishita of Japan...

2.6CVSS6.6AI score
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/27 12:0 a.m.•19 views

JVN#81094176: Android OS may behave as an open resolver

A device that runs as a DNS cache server, which responds to any recursive DNS queries that are received is referred to as an open resolver. Android OS contains an issue where it may behave as an open resolver when the tethering function is enabled. Impact The Android device may be used in a DNS...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/26 5:4 a.m.•3 views

WordPress theme flashy vulnerable to cross-site scripting

Overview flashy is a theme for WordPress. flashy contains a cross-site scripting vulnerability. Koki Takahashi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the user'...

4.3CVSS6.2AI score0.01973EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/26 5:0 a.m.•2 views

Fumy Teacher's Schedule Board vulnerable to cross-site scripting

Overview Fumy Teacher's Schedule Board provided by Nishishi Factory is a CGI program that displays schedules. Fumy Teacher's Schedule Board contains a cross-site scripting vulnerability. OHTA, Yoshinori of Business Architects Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

4.3CVSS6AI score0.01184EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/26 12:0 a.m.•24 views

JVN#97281747: WordPress theme flashy vulnerable to cross-site scripting

flashy is a theme for WordPress. flashy contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use flashy flashy is no longer being developed or maintained. It is recommended to stop using flashy. Products Affected flas...

4.3CVSS6AI score0.01973EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/26 12:0 a.m.•30 views

JVN#74547976: Fumy Teacher's Schedule Board vulnerable to cross-site scripting

Fumy Teacher's Schedule Board provided by Nishishi Factory is a CGI program that displays schedules. Fumy Teacher's Schedule Board contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest...

4.3CVSS5.9AI score0.01184EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/24 5:10 a.m.•3 views

The Validator in TERASOLUNA Server Framework for Java(WEB) vulnerable to input validation bypass

Overview The TERASOLUNA Server Framework for JavaWEB provided by NTT Data Corporation is a software framework for creating web applications. The TERASOLUNA Server Framework for JavaWEB is vulnerable to an issue contained in the Apache Struts 1 Validator, since it uses Apache Struts 1.2.9. The...

7.5CVSS8.5AI score0.21261EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/24 12:0 a.m.•46 views

JVN#86448949: The Validator in TERASOLUNA Server Framework for Java(WEB) vulnerable to input validation bypass

The Validator in Apache Struts 1.1 and later contains a function MPV -- Multi Page Validator to efficiently define rules for input validation across multiple pages during screen transitions. The MPV contains a vulnerability where input validation may be bypassed. When the Apache Struts 1 Validato...

7.5CVSS7.6AI score0.21261EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/20 7:16 a.m.•4 views

LINE vulnerable to script injection

Overview LINE provided by LINE Corporation is an application used to communicate with others. LINE is vulnerable to MITM man-in-the-middle attacks since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM man-in-the-middle...

5.9CVSS6.5AI score0.0018EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/20 3:30 a.m.•3 views

MP Form Mail CGI eCommerce edition vulnerable to code injection

Overview MP Form Mail CGI eCommerce edition provided by futomi Co., Ltd. is a CGI used to send mail from a web form. MP Form Mail CGI eCommerce edition contains a code injection vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informatio...

7.5CVSS7.1AI score0.02443EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/20 12:0 a.m.•46 views

JVN#39175666: MP Form Mail CGI eCommerce edition vulnerable to code injection

MP Form Mail CGI eCommerce edition provided by futomi Co., Ltd. is a CGI used to send mail from a web form. MP Form Mail CGI eCommerce edition contains a code injection vulnerability. Impact Arbitrary Perl code may be executed on the server where it resides. Solution Update the software Update to...

7.5CVSS6.7AI score0.02443EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/20 12:0 a.m.•32 views

JVN#41281927: LINE vulnerable to script injection

LINE provided by LINE Corporation is an application used to communicate with others. LINE is vulnerable to MITM man-in-the-middle attacks since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM man-in-the-middle attacker. Impac...

5.9CVSS5.3AI score0.0018EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/17 4:41 a.m.•2 views

eXtplorer vulnerable to cross-site scripting

Overview eXtplorer is a web-based file manager. eXtplorer contains multiple cross-site scripting vulnerabilities. Yuji Tounai of NTT COM Security reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...

4.3CVSS6.3AI score0.01187EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/17 12:0 a.m.•27 views

JVN#97099798: eXtplorer vulnerable to cross-site scripting

eXtplorer is a web-based file manager. eXtplorer contains multiple cross-site scripting vulnerabilities. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products...

4.3CVSS5.6AI score0.01187EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/06 4:46 a.m.•5 views

All In One WP Security & Firewall vulnerable to cross-site request forgery

Overview All In One WP Security & Firewall is WordPress plugin that provides security functionality. All In One WP Security & Firewall contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, access logs 404 events maintained by the...

6.8CVSS6.4AI score0.01076EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/06 4:45 a.m.•2 views

All In One WP Security & Firewall vulnerable to SQL injection

Overview All In One WP Security & Firewall is WordPress plugin that provides security functionality. All In One WP Security & Firewall contains a SQL injection vulnerability CWE-89. oooooooq reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

6CVSS7.8AI score0.01539EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/06 12:0 a.m.•34 views

JVN#30832515: All In One WP Security & Firewall vulnerable to SQL injection

All In One WP Security & Firewall is WordPress plugin that provides security functionality. All In One WP Security & Firewall contains a SQL injection vulnerability CWE-89. Impact If an administrator views a malicious page while logged in, an arbitrary SQL command may be executed. Solution Update...

6CVSS7.1AI score0.01539EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/06 12:0 a.m.•25 views

JVN#87204433: All In One WP Security & Firewall vulnerable to cross-site request forgery

All In One WP Security & Firewall is WordPress plugin that provides security functionality. All In One WP Security & Firewall contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, access logs 404 events maintained by the product may ...

6.8CVSS6.1AI score0.01076EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/04 5:49 a.m.•3 views

Maroyaka Relay Novel vulnerable to cross-site scripting

Overview Maroyaka Relay Novel provided by Maroyaka CGI is a CGI script for posting text into a website. Maroyaka Relay Novel contains a persistent cross-site scripting vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

5CVSS6.1AI score0.01148EPSS
Exploits0References5
Total number of security vulnerabilities5625