Refine your search
7 vulnerabilities found for SHIRASAGI by SHIRASAGI Project
jvndb-2024-000111
Vulnerability from jvndb
Published
2024-10-16 14:12
Modified
2024-10-23 17:35
Severity ?
Summary
SHIRASAGI vulnerable to path traversal
Details
SHIRASAGI provided by SHIRASAGI Project processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability (CWE-22).
Shogo Kumamaru of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000111.html",
"dc:date": "2024-10-23T17:35+09:00",
"dcterms:issued": "2024-10-16T14:12+09:00",
"dcterms:modified": "2024-10-23T17:35+09:00",
"description": "SHIRASAGI provided by SHIRASAGI Project processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability (CWE-22).\r\n\r\nShogo Kumamaru of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000111.html",
"sec:cpe": {
"#text": "cpe:/a:ss-proj:shirasagi",
"@product": "SHIRASAGI",
"@vendor": "SHIRASAGI Project",
"@version": "2.2"
},
"sec:cvss": {
"@score": "8.6",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000111",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN58721679/index.html",
"@id": "JVN#58721679",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-46898",
"@id": "CVE-2024-46898",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "SHIRASAGI vulnerable to path traversal"
}
jvndb-2023-000088
Vulnerability from jvndb
Published
2023-09-04 13:41
Modified
2024-05-14 17:58
Severity ?
Summary
Multiple vulnerabilities in SHIRASAGI
Details
SHIRASAGI provided by SHIRASAGI Project contains multiple vulnerabilities listed below.
* Reflected cross-site scripting (CWE-79) - CVE-2023-36492
* Stored cross-site scripting (CWE-79) - CVE-2023-38569
* Path traversal (CWE-22) - CVE-2023-39448
CVE-2023-36492, CVE-2023-38569
Taiga Shirakura of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-39448
Masashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000088.html",
"dc:date": "2024-05-14T17:58+09:00",
"dcterms:issued": "2023-09-04T13:41+09:00",
"dcterms:modified": "2024-05-14T17:58+09:00",
"description": "SHIRASAGI provided by SHIRASAGI Project contains multiple vulnerabilities listed below.\r\n\r\n * Reflected cross-site scripting (CWE-79) - CVE-2023-36492\r\n * Stored cross-site scripting (CWE-79) - CVE-2023-38569\r\n * Path traversal (CWE-22) - CVE-2023-39448\r\n\r\nCVE-2023-36492, CVE-2023-38569\r\nTaiga Shirakura of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-39448\r\nMasashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000088.html",
"sec:cpe": {
"#text": "cpe:/a:ss-proj:shirasagi",
"@product": "SHIRASAGI",
"@vendor": "SHIRASAGI Project",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000088",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN82758000/index.html",
"@id": "JVN#82758000",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-36492",
"@id": "CVE-2023-36492",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-38569",
"@id": "CVE-2023-38569",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-39448",
"@id": "CVE-2023-39448",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-36492",
"@id": "CVE-2023-36492",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-38569",
"@id": "CVE-2023-38569",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39448",
"@id": "CVE-2023-39448",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in SHIRASAGI"
}
jvndb-2023-000018
Vulnerability from jvndb
Published
2023-02-22 15:16
Modified
2024-06-10 17:18
Severity ?
Summary
Multiple cross-site scripting vulnerabilities in SHIRASAGI
Details
SHIRASAGI provided by SHIRASAGI Project contains multiple vulnerabilities listed below.
* Stored cross-site scripting vulnerability on Schedule function (CWE-79) - CVE-2023-22425
* Stored cross-site scripting vulnerability on Theme switching function (CWE-79) - CVE-2023-22427
CVE-2023-22425
Ren Toda of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-22427
SHIRASAGI Project reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.
References
| Type | URL | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000018.html",
"dc:date": "2024-06-10T17:18+09:00",
"dcterms:issued": "2023-02-22T15:16+09:00",
"dcterms:modified": "2024-06-10T17:18+09:00",
"description": "SHIRASAGI provided by SHIRASAGI Project contains multiple vulnerabilities listed below.\r\n\r\n * Stored cross-site scripting vulnerability on Schedule function (CWE-79) - CVE-2023-22425\r\n * Stored cross-site scripting vulnerability on Theme switching function (CWE-79) - CVE-2023-22427\r\n\r\nCVE-2023-22425\r\nRen Toda of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-22427\r\nSHIRASAGI Project reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000018.html",
"sec:cpe": {
"#text": "cpe:/a:ss-proj:shirasagi",
"@product": "SHIRASAGI",
"@vendor": "SHIRASAGI Project",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000018",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN18765463/index.html",
"@id": "JVN#18765463",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-22425",
"@id": "CVE-2023-22425",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-22427",
"@id": "CVE-2023-22427",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22425",
"@id": "CVE-2023-22425",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22427",
"@id": "CVE-2023-22427",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple cross-site scripting vulnerabilities in SHIRASAGI"
}
jvndb-2022-000083
Vulnerability from jvndb
Published
2022-10-25 15:10
Modified
2024-06-05 16:06
Severity ?
Summary
Multiple vulnerabilities in SHIRASAGI
Details
SHIRASAGI provided by SHIRASAGI Project contains multiple vulnerabilities listed below.
<ul>
<li>Open Redirect (CWE-601) - CVE-2022-43479
<li>Stored Cross-site Scripting (CWE-79) - CVE-2022-43499</ul>
SHIGA TAKUMA of BroadBand Security, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000083.html",
"dc:date": "2024-06-05T16:06+09:00",
"dcterms:issued": "2022-10-25T15:10+09:00",
"dcterms:modified": "2024-06-05T16:06+09:00",
"description": "SHIRASAGI provided by SHIRASAGI Project contains multiple vulnerabilities listed below.\r\n\u003cul\u003e\r\n\u003cli\u003eOpen Redirect (CWE-601) - CVE-2022-43479\r\n\u003cli\u003eStored Cross-site Scripting (CWE-79) - CVE-2022-43499\u003c/ul\u003e\r\nSHIGA TAKUMA of BroadBand Security, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000083.html",
"sec:cpe": [
{
"#text": "cpe:/a:ss-proj:shirasagi",
"@product": "SHIRASAGI",
"@vendor": "SHIRASAGI Project",
"@version": "2.2"
},
{
"#text": "cpe:/a:ss-proj:shirasagi",
"@product": "SHIRASAGI",
"@vendor": "SHIRASAGI Project",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.7",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000083",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN86350682/index.html",
"@id": "JVN#86350682",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-43479",
"@id": "CVE-2022-43479",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-43499",
"@id": "CVE-2022-43499",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-43479",
"@id": "CVE-2022-43479",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-43499",
"@id": "CVE-2022-43499",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in SHIRASAGI"
}
jvndb-2022-000043
Vulnerability from jvndb
Published
2022-06-09 13:31
Modified
2024-06-18 11:13
Severity ?
Summary
SHIRASAGI vulnerable to cross-site scripting
Details
SHIRASAGI provided by SHIRASAGI Project contains a cross-site scripting vulnerability (CWE-79).
hibiki moriyama of STNet, Incorporated reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000043.html",
"dc:date": "2024-06-18T11:13+09:00",
"dcterms:issued": "2022-06-09T13:31+09:00",
"dcterms:modified": "2024-06-18T11:13+09:00",
"description": "SHIRASAGI provided by SHIRASAGI Project contains a cross-site scripting vulnerability (CWE-79).\r\n\r\nhibiki moriyama of STNet, Incorporated reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000043.html",
"sec:cpe": [
{
"#text": "cpe:/a:ss-proj:shirasagi",
"@product": "SHIRASAGI",
"@vendor": "SHIRASAGI Project",
"@version": "2.2"
},
{
"#text": "cpe:/a:ss-proj:shirasagi",
"@product": "SHIRASAGI",
"@vendor": "SHIRASAGI Project",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000043",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN32962443/index.html",
"@id": "JVN#32962443",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-29485",
"@id": "CVE-2022-29485",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29485",
"@id": "CVE-2022-29485",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "SHIRASAGI vulnerable to cross-site scripting"
}
jvndb-2020-000045
Vulnerability from jvndb
Published
2020-07-09 15:08
Modified
2020-07-09 15:08
Severity ?
Summary
SHIRASAGI vulnerable to open redirect
Details
SHIRASAGI provided by SHIRASAGI Project contains an open redirect vulnerability (CWE-601).
Ryoya Koyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000045.html",
"dc:date": "2020-07-09T15:08+09:00",
"dcterms:issued": "2020-07-09T15:08+09:00",
"dcterms:modified": "2020-07-09T15:08+09:00",
"description": "SHIRASAGI provided by SHIRASAGI Project contains an open redirect vulnerability (CWE-601).\r\n\r\nRyoya Koyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000045.html",
"sec:cpe": {
"#text": "cpe:/a:ss-proj:shirasagi",
"@product": "SHIRASAGI",
"@vendor": "SHIRASAGI Project",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.7",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2020-000045",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN55657988/index.html",
"@id": "JVN#55657988",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5607",
"@id": "CVE-2020-5607",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5607",
"@id": "CVE-2020-5607",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "SHIRASAGI vulnerable to open redirect"
}
jvndb-2019-000057
Vulnerability from jvndb
Published
2019-09-10 13:56
Modified
2019-09-10 13:56
Severity ?
Summary
SHIRASAGI vulnerable to open redirect
Details
SHIRASAGI provided by SHIRASAGI Project contains an open redirect vulnerability (CWE-601).
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000057.html",
"dc:date": "2019-09-10T13:56+09:00",
"dcterms:issued": "2019-09-10T13:56+09:00",
"dcterms:modified": "2019-09-10T13:56+09:00",
"description": "SHIRASAGI provided by SHIRASAGI Project contains an open redirect vulnerability (CWE-601).\r\n\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000057.html",
"sec:cpe": {
"#text": "cpe:/a:ss-proj:shirasagi",
"@product": "SHIRASAGI",
"@vendor": "SHIRASAGI Project",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.7",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-000057",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN74699196/index.html",
"@id": "JVN#74699196",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6009",
"@id": "CVE-2019-6009",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-6009",
"@id": "CVE-2019-6009",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "SHIRASAGI vulnerable to open redirect"
}