10 vulnerabilities found for a-blog cms by appleple inc.
jvndb-2025-005050
Vulnerability from jvndb
Published
2025-05-15 18:11
Modified
2025-05-15 18:11
Summary
Multiple vulnerabilities in a-blog cms
Details
a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below.
* Path traversal (CWE-22) - CVE-2025-27566
  * This is an issue with insufficient path validation in the backup feature, and exploitation requires the administrator privilege
* Cross-site scripting (CWE-79) - CVE-2025-32999
  * This issue exists in a specific field in the entry editing screen, and exploitation requires contributor or higher level privileges
* Server-side request forgery (CWE-918) - CVE-2025-36560
* Improper output neutralization for logs (CWE-117) - CVE-2025-41429
CVE-2025-27566, CVE-2025-32999
haidv35 (Dinh Viet Hai) reported these vulnerabilities to the developer and coordinated. After the coordination was completed, haidv35 (Dinh Viet Hai) reported the case to JPCERT/CC to notify users of the solution through JVN.
CVE-2025-36560, CVE-2025-41429
vcth4nh from VCSLab of Viettel Cyber Security (Vu Chi Thanh) reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-005050.html",
"dc:date": "2025-05-15T18:11+09:00",
"dcterms:issued": "2025-05-15T18:11+09:00",
"dcterms:modified": "2025-05-15T18:11+09:00",
"description": "a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below.\r\n\r\n\u003cul\u003e\r\n\u003cli\u003ePath traversal (CWE-22)\u003c/li\u003e\r\n\u003cul\u003e\r\n\u003cli\u003eCVE-2025-27566\u003c/li\u003e\r\n\u003cli\u003eThis is an issue with insufficient path validation in the backup feature, and exploitation requires the administrator privilege\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\n\u003cli\u003eCross-site scripting (CWE-79)\u003c/li\u003e\r\n\u003cul\u003e\r\n\u003cli\u003eCVE-2025-32999\u003c/li\u003e\r\n\u003cli\u003eThis issue exists in a specific field in the entry editing screen, and exploitation requires contributor or higher level privileges\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\n\u003cli\u003eServer-side request forgery (CWE-918)\u003c/li\u003e\r\n\u003cul\u003e\u003cli\u003eCVE-2025-36560\u003c/li\u003e\u003c/ul\u003e\r\n\r\n\u003cli\u003eImproper output neutralization for logs (CWE-117)\u003c/li\u003e\r\n\u003cul\u003e\u003cli\u003eCVE-2025-41429\u003c/li\u003e\u003c/ul\u003e\r\n\r\nCVE-2025-27566, CVE-2025-32999\r\nhaidv35 (Dinh Viet Hai) reported these vulnerabilities to the developer and coordinated. After the coordination was completed, haidv35 (Dinh Viet Hai) reported the case to JPCERT/CC to notify users of the solution through JVN.\r\n\r\nCVE-2025-36560, CVE-2025-41429\r\nvcth4nh from VCSLab of Viettel Cyber Security (Vu Chi Thanh) reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-005050.html",
"sec:cpe": {
"#text": "cpe:/a:appleple:a-blog_cms",
"@product": "a-blog cms",
"@vendor": "appleple inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "8.6",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-005050",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU90760614/index.html",
"@id": "JVNVU#90760614",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-27566",
"@id": "CVE-2025-27566",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-32999",
"@id": "CVE-2025-32999",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-36560",
"@id": "CVE-2025-36560",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-41429",
"@id": "CVE-2025-41429",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/117.html",
"@id": "CWE-117",
"@title": "Improper Output Neutralization for Logs(CWE-117)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/918.html",
"@id": "CWE-918",
"@title": "Server-Side Request Forgery (SSRF)(CWE-918)"
}
],
"title": "Multiple vulnerabilities in a-blog cms"
}
jvndb-2025-000024
Vulnerability from jvndb
Published
2025-03-28 10:46
Modified
2025-03-28 10:46
Summary
a-blog cms vulnerable to untrusted data deserialization
Details
a-blog cms provided by appleple inc. contains an untrusted data deserialization vulnerability (CWE-502).
The developer states that attacks exploiting the vulnerability have been observed on a-blog cms Ver.2.8.x series or later.
appleple inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and appleple inc. coordinated under the Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000024.html",
"dc:date": "2025-03-28T10:46+09:00",
"dcterms:issued": "2025-03-28T10:46+09:00",
"dcterms:modified": "2025-03-28T10:46+09:00",
"description": "a-blog cms provided by appleple inc. contains untrusted data deserialization vulnerability (CWE-502).\r\n\r\nThe developer states that attacks exploiting the vulnerability has been observed on a-blog cms Ver.2.8.x series or later.\r\n\r\nappleple inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and appleple inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000024.html",
"sec:cpe": [
{
"#text": "cpe:/a:appleple:a-blog_cms",
"@product": "a-blog cms",
"@vendor": "appleple inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000024",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN66982699/index.html",
"@id": "JVN#66982699",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-31103",
"@id": "CVE-2025-31103",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "a-blog cms vulnerable to untrusted data deserialization"
}
jvndb-2024-000039
Vulnerability from jvndb
Published
2024-04-10 13:55
Modified
2024-04-10 13:55
Summary
Multiple vulnerabilities in a-blog cms
Details
a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below.
* Stored cross-site scripting vulnerability in Entry editing pages (CWE-79) - CVE-2024-30419
* Server-side request forgery (CWE-918) - CVE-2024-30420
* Directory traversal (CWE-22) - CVE-2024-31394
* Stored cross-site scripting vulnerability in Schedule labeling pages (CWE-79) - CVE-2024-31395
* Code injection (CWE-94) - CVE-2024-31396
Rikuto Tauchi of sangi reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000039.html",
"dc:date": "2024-04-10T13:55+09:00",
"dcterms:issued": "2024-04-10T13:55+09:00",
"dcterms:modified": "2024-04-10T13:55+09:00",
"description": "a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below.\r\n\r\n * Stored cross-site scripting vulnerability in Entry editing pages (CWE-79) - CVE-2024-30419\r\n * Server-side request forgery (CWE-918) - CVE-2024-30420\r\n * Directory traversal (CWE-22) - CVE-2024-31394\r\n * Stored cross-site scripting vulnerability in Schedule labeling pages (CWE-79) - CVE-2024-31395\r\n * Code injection (CWE-94) - CVE-2024-31396\r\n\r\nRikuto Tauchi of sangi reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000039.html",
"sec:cpe": {
"#text": "cpe:/a:appleple:a-blog_cms",
"@product": "a-blog cms",
"@vendor": "appleple inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.6",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000039",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN70977403/index.html",
"@id": "JVN#70977403",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-30419",
"@id": "CVE-2024-30419",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-30420",
"@id": "CVE-2024-30420",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-31394",
"@id": "CVE-2024-31394",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-31395",
"@id": "CVE-2024-31395",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-31396",
"@id": "CVE-2024-31396",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-94",
"@title": "Code Injection(CWE-94)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in a-blog cms"
}
jvndb-2024-000030
Vulnerability from jvndb
Published
2024-03-08 15:27
Modified
2024-03-08 15:27
Summary
a-blog cms vulnerable to directory traversal
Details
a-blog cms provided by appleple Inc. is a content management system (CMS). a-blog cms contains a directory traversal vulnerability (CWE-22).
Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000030.html",
"dc:date": "2024-03-08T15:27+09:00",
"dcterms:issued": "2024-03-08T15:27+09:00",
"dcterms:modified": "2024-03-08T15:27+09:00",
"description": "a-blog cms provided by appleple Inc. is a content management system (CMS). a-blog cms contains a directory traversal vulnerability (CWE-22).\r\n\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000030.html",
"sec:cpe": {
"#text": "cpe:/a:appleple:a-blog_cms",
"@product": "a-blog cms",
"@vendor": "appleple inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"@version": "2.0"
},
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2024-000030",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN48443978/index.html",
"@id": "JVN#48443978",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27279",
"@id": "CVE-2024-27279",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "a-blog cms vulnerable to directory traversal"
}
jvndb-2024-000019
Vulnerability from jvndb
Published
2024-02-15 14:12
Modified
2024-02-15 14:12
Summary
a-blog cms vulnerable to URL spoofing
Details
a-blog cms provided by appleple Inc. is a content management system (CMS). a-blog cms contains a URL spoofing vulnerability (CWE-451).
Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000019.html",
"dc:date": "2024-02-15T14:12+09:00",
"dcterms:issued": "2024-02-15T14:12+09:00",
"dcterms:modified": "2024-02-15T14:12+09:00",
"description": "a-blog cms provided by appleple Inc. is a content management system (CMS). a-blog cms contains an URL spoofing vulnerability (CWE-451).\r\n\r\nYuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000019.html",
"sec:cpe": {
"#text": "cpe:/a:appleple:a-blog_cms",
"@product": "a-blog cms",
"@vendor": "appleple inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.7",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2024-000019",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN48966481/index.html",
"@id": "JVN#48966481",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-25559",
"@id": "CVE-2024-25559",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "a-blog cms vulnerable to URL spoofing"
}
jvndb-2024-000011
Vulnerability from jvndb
Published
2024-01-22 15:08
Modified
2024-03-13 17:50
Summary
Multiple vulnerabilities in a-blog cms
Details
a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below.
* Improper input validation (CWE-20) - CVE-2024-23180
* Cross-site scripting (CWE-79) - CVE-2024-23181
* Relative path traversal (CWE-23) - CVE-2024-23182
* Cross-site scripting (CWE-79) - CVE-2024-23183
* Improper input validation (CWE-20) - CVE-2024-23348
* Cross-site scripting (CWE-79) - CVE-2024-23782
CVE-2024-23180
Naoya Miyaguchi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2024-23181
Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2024-23182, CVE-2024-23183
Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2024-23348, CVE-2024-23782
Yuta Morioka of Information Science College reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000011.html",
"dc:date": "2024-03-13T17:50+09:00",
"dcterms:issued": "2024-01-22T15:08+09:00",
"dcterms:modified": "2024-03-13T17:50+09:00",
"description": "a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below.\u003cul\u003e\u003cli\u003eImproper input validation (CWE-20) - CVE-2024-23180\u003c/li\u003e\u003cli\u003eCross-site scripting (CWE-79) - CVE-2024-23181\u003c/li\u003e\u003cli\u003eRelative path traversal (CWE-23) - CVE-2024-23182\u003c/li\u003e\u003cli\u003eCross-site scripting (CWE-79) - CVE-2024-23183\u003c/li\u003e\u003cli\u003eImproper input validation (CWE-20) - CVE-2024-23348\u003c/li\u003e\u003cli\u003eCross-site scripting (CWE-79) - CVE-2024-23782\u003c/li\u003e\u003c/ul\u003e\r\n\r\n\r\nCVE-2024-23180\r\nNaoya Miyaguchi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-23181\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-23182, CVE-2024-23183\r\nYuji Tounai of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-23348, CVE-2024-23782\r\nYuta Morioka of Information Science College reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000011.html",
"sec:cpe": {
"#text": "cpe:/a:appleple:a-blog_cms",
"@product": "a-blog cms",
"@vendor": "appleple inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2024-000011",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN34565930/index.html",
"@id": "JVN#34565930",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-23180",
"@id": "CVE-2024-23180",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-23181",
"@id": "CVE-2024-23181",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-23182",
"@id": "CVE-2024-23182",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-23183",
"@id": "CVE-2024-23183",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-23348",
"@id": "CVE-2024-23348",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-23782",
"@id": "CVE-2024-23782",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2024-23180",
"@id": "CVE-2024-23180",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2024-23181",
"@id": "CVE-2024-23181",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2024-23182",
"@id": "CVE-2024-23182",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2024-23183",
"@id": "CVE-2024-23183",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2024-23348",
"@id": "CVE-2024-23348",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2024-23782",
"@id": "CVE-2024-23782",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/23.html",
"@id": "CWE-23",
"@title": "Relative Path Traversal(CWE-23)"
}
],
"title": "Multiple vulnerabilities in a-blog cms"
}
jvndb-2022-000014
Vulnerability from jvndb
Published
2022-02-18 15:55
Modified
2022-02-18 15:55
Summary
Multiple vulnerabilities in a-blog cms
Details
a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below.
* Cross-site scripting (CWE-79) - CVE-2022-24374
* Cross-site scripting (CWE-79) - CVE-2022-23916
* Template injection (CWE-1336) - CVE-2022-23810
* Authentication bypass (CWE-291) - CVE-2022-21142
CVE-2022-24374
iwama yuu of Secure Sky Technology Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2022-23916
Masashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2022-23810, CVE-2022-21142
hibiki moriyama of STNet, Incorporated reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000014.html",
"dc:date": "2022-02-18T15:55+09:00",
"dcterms:issued": "2022-02-18T15:55+09:00",
"dcterms:modified": "2022-02-18T15:55+09:00",
"description": "a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. \r\n* Cross-site scripting (CWE-79) - CVE-2022-24374\r\n* Cross-site scripting (CWE-79) - CVE-2022-23916\r\n* Template injection (CWE-1336) - CVE-2022-23810\r\n* Authentication bypass (CWE-291) - CVE-2022-21142\r\n\r\nCVE-2022-24374\r\niwama yuu of Secure Sky Technology Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2022-23916\r\nMasashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2022-23810, CVE-2022-21142\r\nhibiki moriyama of STNet, Incorporated reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000014.html",
"sec:cpe": {
"#text": "cpe:/a:appleple:a-blog_cms",
"@product": "a-blog cms",
"@vendor": "appleple inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "5.6",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000014",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN14706307/index.html",
"@id": "JVN#14706307",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-24374",
"@id": "CVE-2022-24374",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-23916",
"@id": "CVE-2022-23916",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-23810",
"@id": "CVE-2022-23810",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-21142",
"@id": "CVE-2022-21142",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-21142",
"@id": "CVE-2022-21142",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-23810",
"@id": "CVE-2022-23810",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-23916",
"@id": "CVE-2022-23916",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-24374",
"@id": "CVE-2022-24374",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-287",
"@title": "Improper Authentication(CWE-287)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-94",
"@title": "Code Injection(CWE-94)"
}
],
"title": "Multiple vulnerabilities in a-blog cms"
}
jvndb-2019-000078
Vulnerability from jvndb
Published
2019-12-20 15:43
Modified
2019-12-20 15:43
Summary
Multiple vulnerabilities in a-blog cms
Details
a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below.
* Reflected cross-site scripting (CWE-79) - CVE-2019-6033
* Script injection due to a flaw in processing cookie (CWE-74) - CVE-2019-6034
Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000078.html",
"dc:date": "2019-12-20T15:43+09:00",
"dcterms:issued": "2019-12-20T15:43+09:00",
"dcterms:modified": "2019-12-20T15:43+09:00",
"description": "a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. \r\n* Reflected cross-site scripting (CWE-79) - CVE-2019-6033\r\n* Script injection due to a flaw in processing cookie (CWE-74) - CVE-2019-6034\r\n\r\nYuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000078.html",
"sec:cpe": {
"#text": "cpe:/a:appleple:a-blog_cms",
"@product": "a-blog cms",
"@vendor": "appleple inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-000078",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN10377257/index.html",
"@id": "JVN#10377257",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6033",
"@id": "CVE-2019-6033",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6034",
"@id": "CVE-2019-6034",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-6033",
"@id": "CVE-2019-6033",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-6034",
"@id": "CVE-2019-6034",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in a-blog cms"
}
jvndb-2016-000046
Vulnerability from jvndb
Published
2016-05-16 14:48
Modified
2017-05-23 13:44
Summary
a-blog cms vulnerable to cross-site scripting
Details
a-blog cms provided by appleple Inc. is a content management system (CMS). a-blog cms contains a cross-site scripting vulnerability in the standard template of the comment functionality.
Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000046.html",
"dc:date": "2017-05-23T13:44+09:00",
"dcterms:issued": "2016-05-16T14:48+09:00",
"dcterms:modified": "2017-05-23T13:44+09:00",
"description": "a-blog cms provided by appleple Inc. is a content management system (CMS). a-blog cms contains a cross-site scripting vulnerability in the standard template of the comment functionality.\r\n\r\nYuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000046.html",
"sec:cpe": {
"#text": "cpe:/a:appleple:a-blog_cms",
"@product": "a-blog cms",
"@vendor": "appleple inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.7",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000046",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN73166466/index.html",
"@id": "JVN#73166466",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1179",
"@id": "CVE-2016-1179",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-1179",
"@id": "CVE-2016-1179",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "a-blog cms vulnerable to cross-site scripting"
}
jvndb-2016-000047
Vulnerability from jvndb
Published
2016-05-16 14:48
Modified
2017-05-23 13:44
Summary
a-blog cms vulnerable to session management
Details
a-blog cms provided by appleple Inc. is a content management system (CMS). a-blog cms contains a vulnerability in session management of the comment functionality.
Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000047.html",
"dc:date": "2017-05-23T13:44+09:00",
"dcterms:issued": "2016-05-16T14:48+09:00",
"dcterms:modified": "2017-05-23T13:44+09:00",
"description": "a-blog cms provided by appleple Inc. is a content management system (CMS). a-blog cms contains a vulnerability in session management of the comment functionality.\r\n\r\nYuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000047.html",
"sec:cpe": {
"#text": "cpe:/a:appleple:a-blog_cms",
"@product": "a-blog cms",
"@vendor": "appleple inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000047",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN03975805/index.html",
"@id": "JVN#03975805",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1178",
"@id": "CVE-2016-1178",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-1178",
"@id": "CVE-2016-1178",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "a-blog cms vulnerable to session management"
}