Refine your search
4 vulnerabilities found for CS-Cart by Simtech Ltd.
jvndb-2017-000235
Vulnerability from jvndb
Published
2017-11-13 15:30
Modified
2018-03-07 13:36
Severity ?
Summary
CS-Cart Japanese Edition vulnerable to cross-site scripting
Details
CS-Cart is a system for creating online shopping websites. CS-Cart Japanese Edition contains a cross-site scripting vulnerabulity (CWE-79).
Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000235.html",
"dc:date": "2018-03-07T13:36+09:00",
"dcterms:issued": "2017-11-13T15:30+09:00",
"dcterms:modified": "2018-03-07T13:36+09:00",
"description": "CS-Cart is a system for creating online shopping websites. CS-Cart Japanese Edition contains a cross-site scripting vulnerabulity (CWE-79).\r\n\r\nSatoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000235.html",
"sec:cpe": {
"#text": "cpe:/a:misc:simtech_ltd_cs-cart",
"@product": "CS-Cart",
"@vendor": "Simtech Ltd.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000235",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN29602086/index.html",
"@id": "JVN#29602086",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10886",
"@id": "CVE-2017-10886",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10886",
"@id": "CVE-2017-10886",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "CS-Cart Japanese Edition vulnerable to cross-site scripting"
}
jvndb-2017-000057
Vulnerability from jvndb
Published
2017-04-10 18:13
Modified
2018-01-24 13:49
Severity ?
Summary
CS-Cart Japanese Edition vulnerable to cross-site request forgery
Details
CS-Cart is a system for creating online shopping websites. CS-Cart Japanese Edition contains a cross-site request forgery (CWE-352) vulnerability.
Hirota Kazuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000057.html",
"dc:date": "2018-01-24T13:49+09:00",
"dcterms:issued": "2017-04-10T18:13+09:00",
"dcterms:modified": "2018-01-24T13:49+09:00",
"description": "CS-Cart is a system for creating online shopping websites. CS-Cart Japanese Edition contains a cross-site request forgery (CWE-352) vulnerability.\r\n\r\nHirota Kazuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000057.html",
"sec:cpe": {
"#text": "cpe:/a:misc:simtech_ltd_cs-cart",
"@product": "CS-Cart",
"@vendor": "Simtech Ltd.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000057",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN87770873/index.html",
"@id": "JVN#87770873",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2138",
"@id": "CVE-2017-2138",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2138",
"@id": "CVE-2017-2138",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "CS-Cart Japanese Edition vulnerable to cross-site request forgery"
}
jvndb-2017-000056
Vulnerability from jvndb
Published
2017-04-10 18:13
Modified
2017-06-01 17:39
Severity ?
Summary
CS-Cart Japanese Edition fails to restrict access permissions
Details
CS-Cart is a system for creating online shopping websites. CS-Cart Japanese Edition fails to restrict access permissions (CWE-425).
Hirota Kazuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000056.html",
"dc:date": "2017-06-01T17:39+09:00",
"dcterms:issued": "2017-04-10T18:13+09:00",
"dcterms:modified": "2017-06-01T17:39+09:00",
"description": "CS-Cart is a system for creating online shopping websites. CS-Cart Japanese Edition fails to restrict access permissions (CWE-425).\r\n\r\nHirota Kazuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000056.html",
"sec:cpe": {
"#text": "cpe:/a:misc:simtech_ltd_cs-cart",
"@product": "CS-Cart",
"@vendor": "Simtech Ltd.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000056",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN14396697/index.html",
"@id": "JVN#14396697",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2139",
"@id": "CVE-2017-2139",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2139",
"@id": "CVE-2017-2139",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "CS-Cart Japanese Edition fails to restrict access permissions"
}
jvndb-2017-000061
Vulnerability from jvndb
Published
2017-04-10 13:47
Modified
2017-06-06 11:52
Severity ?
Summary
CS-Cart Japanese Edition fails to restrict access permissions
Details
CS-Cart is a system for creating online shopping websites. CS-Cart Japanese Edition fails to restrict access permissions (CWE-425).
Note that this vulnerability is different from JVN#14396697.
Hirota Kazuki of Mitsui Bussan Secure Directions,Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000061.html",
"dc:date": "2017-06-06T11:52+09:00",
"dcterms:issued": "2017-04-10T13:47+09:00",
"dcterms:modified": "2017-06-06T11:52+09:00",
"description": "CS-Cart is a system for creating online shopping websites. CS-Cart Japanese Edition fails to restrict access permissions (CWE-425).\r\n\r\nNote that this vulnerability is different from JVN#14396697.\r\n\r\nHirota Kazuki of Mitsui Bussan Secure Directions,Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000061.html",
"sec:cpe": {
"#text": "cpe:/a:misc:simtech_ltd_cs-cart",
"@product": "CS-Cart",
"@vendor": "Simtech Ltd.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000061",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN25598952/index.html",
"@id": "JVN#25598952",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2143",
"@id": "CVE-2017-2143",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2143",
"@id": "CVE-2017-2143",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "CS-Cart Japanese Edition fails to restrict access permissions"
}