Vulnerabilities related to appleple - a-blog_cms
Vulnerability from fkie_nvd
Published
2024-01-23 10:15
Modified
2024-11-21 08:57
Summary
Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the logged-in user's web browser.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2879B3D6-4E10-494B-B221-61CF4FA3B2D7",
                     versionEndIncluding: "2.9.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "957FC43C-7DBF-445F-952D-2C3AFC3DAF53",
                     versionEndExcluding: "2.10.50",
                     versionStartIncluding: "2.10.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5B9C6A38-B9F3-4B83-872E-4A7FCF10A2CF",
                     versionEndExcluding: "2.11.58",
                     versionStartIncluding: "2.11.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "43352BBA-DDE8-4542-A8E1-10762B634972",
                     versionEndExcluding: "3.0.29",
                     versionStartIncluding: "3.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E42BDC5D-3F5F-45E4-9135-0AA3E4DA94CE",
                     versionEndExcluding: "3.1.7",
                     versionStartIncluding: "3.1.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the logged-in user's web browser.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de cross-site scripting en las versiones de la serie a-blog cms Ver.3.1.x anteriores a la Ver.3.1.7, versiones de la serie Ver.3.0.x anteriores a la Ver.3.0.29, versiones de la serie Ver.2.11.x anteriores a la Ver.2.11.58, versiones de la serie Ver.2.10.x anteriores a la Ver.2.10.50 y Ver.2.9.0 y anteriores permiten a un atacante remoto no autenticado ejecutar un script arbitrario en el navegador web del usuario que ha iniciado sesión.",
      },
   ],
   id: "CVE-2024-23181",
   lastModified: "2024-11-21T08:57:08.347",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-01-23T10:15:10.493",
   references: [
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html",
      },
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://jvn.jp/en/jp/JVN34565930/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://jvn.jp/en/jp/JVN34565930/",
      },
   ],
   sourceIdentifier: "vultures@jpcert.or.jp",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-02-24 15:15
Modified
2024-11-21 06:43
Summary
Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74, Ver.2.9.x series versions prior to Ver.2.9.39, Ver.2.10.x series versions prior to Ver.2.10.43, and Ver.2.11.x series versions prior to Ver.2.11.41 allows a remote unauthenticated attacker to bypass authentication under the specific condition.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C264EA3A-AED8-4E83-8376-AB508E776879",
                     versionEndExcluding: "2.8.74",
                     versionStartIncluding: "2.8.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D668F55E-6205-4700-96B1-39C244C5A0E1",
                     versionEndExcluding: "2.9.39",
                     versionStartIncluding: "2.9.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F60CDC66-6FE9-4240-B9FB-F1F6179E0FB2",
                     versionEndExcluding: "2.10.43",
                     versionStartIncluding: "2.10.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "95E3272E-1F03-481B-B4CD-37BA56C1A3EE",
                     versionEndExcluding: "2.11.41",
                     versionStartIncluding: "2.11.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74, Ver.2.9.x series versions prior to Ver.2.9.39, Ver.2.10.x series versions prior to Ver.2.10.43, and Ver.2.11.x series versions prior to Ver.2.11.41 allows a remote unauthenticated attacker to bypass authentication under the specific condition.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad de omisión de autenticación en a-blog cms versiones Ver.2.8.x anteriores a Ver.2.8.74, versiones Ver.2.9.x anteriores a Ver.2.9.39, versiones Ver.2.10.x anteriores a Ver.2.10.43 y versiones Ver.2.11.x anteriores a Ver.2.11.41, permite a un atacante remoto no autenticado omitir la autenticación bajo una condición específica",
      },
   ],
   id: "CVE-2022-21142",
   lastModified: "2024-11-21T06:43:58.737",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-02-24T15:15:27.807",
   references: [
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://developer.a-blogcms.jp/blog/news/security-202202.html",
      },
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://jvn.jp/en/jp/JVN14706307/index.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://developer.a-blogcms.jp/blog/news/security-202202.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://jvn.jp/en/jp/JVN14706307/index.html",
      },
   ],
   sourceIdentifier: "vultures@jpcert.or.jp",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-290",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-01-23 10:15
Modified
2024-11-21 08:57
Summary
Relative path traversal vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to delete arbitrary files on the server.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2879B3D6-4E10-494B-B221-61CF4FA3B2D7",
                     versionEndIncluding: "2.9.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "957FC43C-7DBF-445F-952D-2C3AFC3DAF53",
                     versionEndExcluding: "2.10.50",
                     versionStartIncluding: "2.10.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5B9C6A38-B9F3-4B83-872E-4A7FCF10A2CF",
                     versionEndExcluding: "2.11.58",
                     versionStartIncluding: "2.11.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "43352BBA-DDE8-4542-A8E1-10762B634972",
                     versionEndExcluding: "3.0.29",
                     versionStartIncluding: "3.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E42BDC5D-3F5F-45E4-9135-0AA3E4DA94CE",
                     versionEndExcluding: "3.1.7",
                     versionStartIncluding: "3.1.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Relative path traversal vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to delete arbitrary files on the server.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de path traversal relativo en las versiones de la serie a-blog cms Ver.3.1.x anteriores a la Ver.3.1.7, versiones de la serie Ver.3.0.x anteriores a la Ver.3.0.29, versiones de la serie Ver.2.11.x anteriores a la Ver.2.11.58, versiones de la serie Ver.2.10.x anteriores a Ver.2.10.50 y Ver.2.9.0 y anteriores permiten a un atacante remoto autenticado eliminar archivos arbitrarios en el servidor.",
      },
   ],
   id: "CVE-2024-23182",
   lastModified: "2024-11-21T08:57:08.487",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-01-23T10:15:10.540",
   references: [
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html",
      },
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://jvn.jp/en/jp/JVN34565930/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://jvn.jp/en/jp/JVN34565930/",
      },
   ],
   sourceIdentifier: "vultures@jpcert.or.jp",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-04-12 22:59
Modified
2024-11-21 02:45
Summary
Cross-site scripting (XSS) vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML.
Impacted products
Vendor Product Version
appleple a-blog_cms *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8DA4D6AF-8FD4-4C09-B4E3-D5291AF39BD8",
                     versionEndIncluding: "2.6.0.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad (XSS) en la plantilla estándar de la funcionalidad de comentarios en appleple a-blog cms 2.6.0.1 y versiones anteriores permite a atacantes remotos a inyectar secuencias de comandos de web o HTML arbitrario.",
      },
   ],
   id: "CVE-2016-1179",
   lastModified: "2024-11-21T02:45:54.150",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-04-12T22:59:00.303",
   references: [
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://jvn.jp/en/jp/JVN73166466/index.html",
      },
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000046.html",
      },
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Broken Link",
         ],
         url: "https://developer.a-blogcms.jp/blog/patch/entry-2363.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://jvn.jp/en/jp/JVN73166466/index.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000046.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "https://developer.a-blogcms.jp/blog/patch/entry-2363.html",
      },
   ],
   sourceIdentifier: "vultures@jpcert.or.jp",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-02-24 15:15
Modified
2024-11-21 06:49
Summary
Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-24374.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F010318-C88D-4F0D-9648-CD8CEE015D3B",
                     versionEndExcluding: "2.8.75",
                     versionStartIncluding: "2.8.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A0320EBA-DACA-4E38-AAF7-BFB93414BECC",
                     versionEndExcluding: "2.9.40",
                     versionStartIncluding: "2.9.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D0763C8-A9C0-4A27-B4DF-456C4AF75D82",
                     versionEndExcluding: "2.10.44",
                     versionStartIncluding: "2.10.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C92C05DD-EF1E-4CD2-9F4A-846DBC2C89A0",
                     versionEndExcluding: "2.11.42",
                     versionStartIncluding: "2.11.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "521E93AF-17C4-4AB0-9FDA-9C997E74608A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-24374.",
      },
      {
         lang: "es",
         value: "La vulnerabilidad de scripting cruzado en a-blog cms versiones Ver.2.8.x series anteriores a Ver.2.8.75, versiones Ver.2.9.x series anteriores a Ver.2.9.40, versiones Ver.2.10.x series anteriores a Ver.2.10.44, versiones Ver.2.11.x series anteriores a Ver.2.11.42 y versiones Ver.3.0.x series anteriores a Ver.3.0.1, permite a un atacante remoto autenticado inyectar un script arbitrario por medio de vectores no especificados. Esta vulnerabilidad es diferente de CVE-2022-24374",
      },
   ],
   id: "CVE-2022-23916",
   lastModified: "2024-11-21T06:49:27.417",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-02-24T15:15:28.867",
   references: [
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://developer.a-blogcms.jp/blog/news/security-202202.html",
      },
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://jvn.jp/en/jp/JVN14706307/index.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://developer.a-blogcms.jp/blog/news/security-202202.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://jvn.jp/en/jp/JVN14706307/index.html",
      },
   ],
   sourceIdentifier: "vultures@jpcert.or.jp",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-12-26 16:15
Modified
2024-11-21 04:45
Summary
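a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows arbitrary scripts to be executed in the context of the application due to unspecified vectors. Note: the CPE match data in this record ends the 2.9.x range at 2.9.6 (exclusive), which disagrees with the Ver.2.9.26 fix version stated here, so CPE-based matching alone would not flag 2.9.6 through 2.9.25; confirm the fixed version against the referenced advisories when scoping affected installations.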
Impacted products
Vendor Product Version
appleple a-blog_cms *
appleple a-blog_cms *
appleple a-blog_cms *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B9ED24E2-AD03-43D4-98AD-A95757388724",
                     versionEndExcluding: "2.8.64",
                     versionStartIncluding: "2.8.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FFFAE441-77B2-4DED-A4AC-6A78973ADD2F",
                     versionEndExcluding: "2.9.6",
                     versionStartIncluding: "2.9.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E57E7C53-614B-4064-9B04-AACB28BD326A",
                     versionEndExcluding: "2.10.23",
                     versionStartIncluding: "2.10.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows arbitrary scripts to be executed in the context of the application due to unspecified vectors.",
      },
      {
         lang: "es",
         value: "a-blog cms versiones anteriores a Ver.2.10.23 (versiones Ver.2.10.x), Ver.2.9.26 (versiones Ver.2.9.x) y Ver.2.8.64 (versiones Ver.2.8.x), permite scripts arbitrarios para ser ejecutados en el contexto de la aplicación debido a vectores no especificados.",
      },
   ],
   id: "CVE-2019-6034",
   lastModified: "2024-11-21T04:45:57.183",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-12-26T16:15:12.887",
   references: [
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://jvn.jp/en/jp/JVN10377257/index.html",
      },
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://developer.a-blogcms.jp/download/legacy.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://jvn.jp/en/jp/JVN10377257/index.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://developer.a-blogcms.jp/download/legacy.html",
      },
   ],
   sourceIdentifier: "vultures@jpcert.or.jp",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-74",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-01-28 23:15
Modified
2024-11-21 08:58
Summary
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier versions. If this vulnerability is exploited, a user with a contributor or higher privilege may execute an arbitrary script on the web browser of the user who accessed the website using the product.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "733522A6-B4FD-4162-AB01-5BD359E4C808",
                     versionEndExcluding: "2.10.50",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5B9C6A38-B9F3-4B83-872E-4A7FCF10A2CF",
                     versionEndExcluding: "2.11.58",
                     versionStartIncluding: "2.11.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "43352BBA-DDE8-4542-A8E1-10762B634972",
                     versionEndExcluding: "3.0.29",
                     versionStartIncluding: "3.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E42BDC5D-3F5F-45E4-9135-0AA3E4DA94CE",
                     versionEndExcluding: "3.1.7",
                     versionStartIncluding: "3.1.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier versions. If this vulnerability is exploited, a user with a contributor or higher privilege may execute an arbitrary script on the web browser of the user who accessed the website using the product.",
      },
      {
         lang: "es",
         value: "La vulnerabilidad de cross site scripting existe en las versiones de la serie a-blog cms Ver.3.1.x anteriores a la Ver.3.1.7, versiones de la serie Ver.3.0.x anteriores a la Ver.3.0.29, versiones de la serie Ver.2.11.x anteriores a Ver.2.11.58, versiones de la serie Ver.2.10.x anteriores a Ver.2.10.50 y Ver.2.9.0 y versiones anteriores. Si se explota esta vulnerabilidad, un usuario con un privilegio de colaborador o superior puede ejecutar un script arbitrario en el navegador web del usuario que accedió al sitio web utilizando el producto.",
      },
   ],
   id: "CVE-2024-23782",
   lastModified: "2024-11-21T08:58:23.427",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-01-28T23:15:58.350",
   references: [
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html",
      },
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://jvn.jp/en/jp/JVN34565930/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://jvn.jp/en/jp/JVN34565930/",
      },
   ],
   sourceIdentifier: "vultures@jpcert.or.jp",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-12-26 16:15
Modified
2024-11-21 04:45
Summary
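Cross-site scripting vulnerability in a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. [Note: the CPE configuration in this record gives versionEndExcluding "2.9.6" for the 2.9.x branch, while this summary gives Ver.2.9.26. Version matching driven by the CPE range alone would treat 2.9.6 through 2.9.25 as unaffected, so confirm the fixed version against the vendor advisory.]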
Impacted products
Vendor Product Version
appleple a-blog_cms *
appleple a-blog_cms *
appleple a-blog_cms *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B9ED24E2-AD03-43D4-98AD-A95757388724",
                     versionEndExcluding: "2.8.64",
                     versionStartIncluding: "2.8.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FFFAE441-77B2-4DED-A4AC-6A78973ADD2F",
                     versionEndExcluding: "2.9.6",
                     versionStartIncluding: "2.9.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E57E7C53-614B-4064-9B04-AACB28BD326A",
                     versionEndExcluding: "2.10.23",
                     versionStartIncluding: "2.10.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting vulnerability in a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad de tipo cross-site scripting en a-blog cms versiones anteriores a Ver.2.10.23 (versiones Ver.2.10.x), Ver.2.9.26 (versiones Ver.2.9.x) y Ver.2.8.64 (versiones Ver.2.8.x), permite a atacantes remotos inyectar script web o HTML arbitrario por medio de vectores no especificados.",
      },
   ],
   id: "CVE-2019-6033",
   lastModified: "2024-11-21T04:45:57.070",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-12-26T16:15:12.793",
   references: [
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://jvn.jp/en/jp/JVN10377257/index.html",
      },
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://developer.a-blogcms.jp/download/legacy.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://jvn.jp/en/jp/JVN10377257/index.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://developer.a-blogcms.jp/download/legacy.html",
      },
   ],
   sourceIdentifier: "vultures@jpcert.or.jp",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-01-23 10:15
Modified
2024-11-21 08:57
Summary
Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary code by uploading a specially crafted SVG file.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2879B3D6-4E10-494B-B221-61CF4FA3B2D7",
                     versionEndIncluding: "2.9.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "957FC43C-7DBF-445F-952D-2C3AFC3DAF53",
                     versionEndExcluding: "2.10.50",
                     versionStartIncluding: "2.10.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5B9C6A38-B9F3-4B83-872E-4A7FCF10A2CF",
                     versionEndExcluding: "2.11.58",
                     versionStartIncluding: "2.11.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "43352BBA-DDE8-4542-A8E1-10762B634972",
                     versionEndExcluding: "3.0.29",
                     versionStartIncluding: "3.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E42BDC5D-3F5F-45E4-9135-0AA3E4DA94CE",
                     versionEndExcluding: "3.1.7",
                     versionStartIncluding: "3.1.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary code by uploading a specially crafted SVG file.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de validación de entrada incorrecta en las versiones de la serie a-blog cms Ver.3.1.x anteriores a la Ver.3.1.7, versiones de la serie Ver.3.0.x anteriores a la Ver.3.0.29, versiones de la serie Ver.2.11.x anteriores a la Ver.2.11.58, versiones de la serie Ver.2.10.x anteriores a la Ver.2.10.50 y Ver.2.9.0 y anteriores permiten a un atacante remoto autenticado ejecutar código arbitrario cargando un archivo SVG especialmente manipulado.",
      },
   ],
   id: "CVE-2024-23180",
   lastModified: "2024-11-21T08:57:08.213",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-01-23T10:15:10.440",
   references: [
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html",
      },
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://jvn.jp/en/jp/JVN34565930/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://jvn.jp/en/jp/JVN34565930/",
      },
   ],
   sourceIdentifier: "vultures@jpcert.or.jp",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-02-24 15:15
Modified
2024-11-21 06:49
Summary
Template injection (Improper Neutralization of Special Elements Used in a Template Engine) vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to obtain an arbitrary file on the server via unspecified vectors.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F010318-C88D-4F0D-9648-CD8CEE015D3B",
                     versionEndExcluding: "2.8.75",
                     versionStartIncluding: "2.8.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A0320EBA-DACA-4E38-AAF7-BFB93414BECC",
                     versionEndExcluding: "2.9.40",
                     versionStartIncluding: "2.9.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D0763C8-A9C0-4A27-B4DF-456C4AF75D82",
                     versionEndExcluding: "2.10.44",
                     versionStartIncluding: "2.10.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C92C05DD-EF1E-4CD2-9F4A-846DBC2C89A0",
                     versionEndExcluding: "2.11.42",
                     versionStartIncluding: "2.11.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "521E93AF-17C4-4AB0-9FDA-9C997E74608A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Template injection (Improper Neutralization of Special Elements Used in a Template Engine) vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to obtain an arbitrary file on the server via unspecified vectors.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad de inyección de plantillas (Neutralización Inapropiada de Elementos Especiales Usados en un Motor de Plantillas) en a-blog cms versiones Ver.2.8.x series anteriores a Ver.2.8.75, versiones Ver.2.9.x anteriores a Ver.2.9.40, versiones Ver.2.10.x series versiones anteriores a Ver.2.10.44, versiones Ver.2.11.x series versiones anteriores a Ver.2.11.42, y versiones Ver.3.0.x series versiones anteriores a Ver.3.0.1, permite a un atacante remoto autenticado obtener un archivo arbitrario en el servidor por medio de vectores no especificados",
      },
   ],
   id: "CVE-2022-23810",
   lastModified: "2024-11-21T06:49:17.847",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-02-24T15:15:28.810",
   references: [
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://developer.a-blogcms.jp/blog/news/security-202202.html",
      },
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://jvn.jp/en/jp/JVN14706307/index.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://developer.a-blogcms.jp/blog/news/security-202202.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://jvn.jp/en/jp/JVN14706307/index.html",
      },
   ],
   sourceIdentifier: "vultures@jpcert.or.jp",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-94",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-01-23 10:15
Modified
2024-11-21 08:57
Summary
Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute an arbitrary script on the logged-in user's web browser.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2879B3D6-4E10-494B-B221-61CF4FA3B2D7",
                     versionEndIncluding: "2.9.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "957FC43C-7DBF-445F-952D-2C3AFC3DAF53",
                     versionEndExcluding: "2.10.50",
                     versionStartIncluding: "2.10.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5B9C6A38-B9F3-4B83-872E-4A7FCF10A2CF",
                     versionEndExcluding: "2.11.58",
                     versionStartIncluding: "2.11.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "43352BBA-DDE8-4542-A8E1-10762B634972",
                     versionEndExcluding: "3.0.29",
                     versionStartIncluding: "3.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E42BDC5D-3F5F-45E4-9135-0AA3E4DA94CE",
                     versionEndExcluding: "3.1.7",
                     versionStartIncluding: "3.1.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute an arbitrary script on the logged-in user's web browser.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de cross-site scripting en las versiones de la serie a-blog cms Ver.3.1.x anteriores a la Ver.3.1.7, versiones de la serie Ver.3.0.x anteriores a la Ver.3.0.29, versiones de la serie Ver.2.11.x anteriores a la Ver.2.11.58, versiones de la serie Ver.2.10.x anteriores a la Ver.2.10.50 y Ver.2.9.0 y anteriores permiten a un atacante remoto autenticado ejecutar un script arbitrario en el navegador web del usuario que ha iniciado sesión.",
      },
   ],
   id: "CVE-2024-23183",
   lastModified: "2024-11-21T08:57:08.607",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-01-23T10:15:10.590",
   references: [
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html",
      },
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://jvn.jp/en/jp/JVN34565930/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://jvn.jp/en/jp/JVN34565930/",
      },
   ],
   sourceIdentifier: "vultures@jpcert.or.jp",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-02-24 15:15
Modified
2024-11-21 06:50
Summary
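Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-23916. [Note: the summary describes a remote authenticated attacker, but the CVSS v3.1 vector in this record uses PR:N (base score 6.1). CVE-2024-23183 on this page, also an authenticated-attacker XSS, is scored with PR:L (base score 5.4), so keep that difference in mind when ranking this entry by score.]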
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F010318-C88D-4F0D-9648-CD8CEE015D3B",
                     versionEndExcluding: "2.8.75",
                     versionStartIncluding: "2.8.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A0320EBA-DACA-4E38-AAF7-BFB93414BECC",
                     versionEndExcluding: "2.9.40",
                     versionStartIncluding: "2.9.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D0763C8-A9C0-4A27-B4DF-456C4AF75D82",
                     versionEndExcluding: "2.10.44",
                     versionStartIncluding: "2.10.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C92C05DD-EF1E-4CD2-9F4A-846DBC2C89A0",
                     versionEndExcluding: "2.11.42",
                     versionStartIncluding: "2.11.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "521E93AF-17C4-4AB0-9FDA-9C997E74608A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-23916.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad de tipo Cross-site scripting en a-blog cms versiones Ver.2.8.x series anteriores a Ver.2.8.75, versiones Ver.2.9.x series anteriores a Ver.2.9.40, versiones Ver.2.10.x series anteriores a Ver.2.10.44, versiones Ver.2.11.x series anteriores a Ver.2.11.42 y versiones Ver.3.0.x series anteriores a Ver.3.0.1, permite a un atacante remoto autenticado inyectar un script arbitrario por medio de vectores no especificados. Esta vulnerabilidad es diferente de CVE-2022-23916",
      },
   ],
   id: "CVE-2022-24374",
   lastModified: "2024-11-21T06:50:17.380",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-02-24T15:15:29.287",
   references: [
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://developer.a-blogcms.jp/blog/news/security-202202.html",
      },
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://jvn.jp/en/jp/JVN14706307/index.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://developer.a-blogcms.jp/blog/news/security-202202.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://jvn.jp/en/jp/JVN14706307/index.html",
      },
   ],
   sourceIdentifier: "vultures@jpcert.or.jp",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-04-12 22:59
Modified
2024-11-21 02:45
Summary
The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors.
Impacted products
Vendor Product Version
appleple a-blog_cms *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8DA4D6AF-8FD4-4C09-B4E3-D5291AF39BD8",
                     versionEndIncluding: "2.6.0.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors.",
      },
      {
         lang: "es",
         value: "La gestión de sesiones de la funcionalidad de comentarios en appleple a-blog cms 2.6.0.1 y versiones anteriores permite a atacantes remotos obtener o modificar información sensible a través de vectores no especificados.",
      },
   ],
   id: "CVE-2016-1178",
   lastModified: "2024-11-21T02:45:54.047",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 6.4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.5,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-04-12T22:59:00.273",
   references: [
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://jvn.jp/en/jp/JVN03975805/index.html",
      },
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000047.html",
      },
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Broken Link",
         ],
         url: "https://developer.a-blogcms.jp/blog/patch/entry-2363.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://jvn.jp/en/jp/JVN03975805/index.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000047.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "https://developer.a-blogcms.jp/blog/patch/entry-2363.html",
      },
   ],
   sourceIdentifier: "vultures@jpcert.or.jp",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-284",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-01-23 10:15
Modified
2024-11-21 08:57
Summary
Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary JavaScript code by uploading a specially crafted SVG file.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2879B3D6-4E10-494B-B221-61CF4FA3B2D7",
                     versionEndIncluding: "2.9.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "957FC43C-7DBF-445F-952D-2C3AFC3DAF53",
                     versionEndExcluding: "2.10.50",
                     versionStartIncluding: "2.10.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5B9C6A38-B9F3-4B83-872E-4A7FCF10A2CF",
                     versionEndExcluding: "2.11.58",
                     versionStartIncluding: "2.11.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "43352BBA-DDE8-4542-A8E1-10762B634972",
                     versionEndExcluding: "3.0.29",
                     versionStartIncluding: "3.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E42BDC5D-3F5F-45E4-9135-0AA3E4DA94CE",
                     versionEndExcluding: "3.1.7",
                     versionStartIncluding: "3.1.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary JavaScript code by uploading a specially crafted SVG file.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de validación de entrada incorrecta en las versiones de la serie a-blog cms Ver.3.1.x anteriores a la Ver.3.1.7, versiones de la serie Ver.3.0.x anteriores a la Ver.3.0.29, versiones de la serie Ver.2.11.x anteriores a la Ver.2.11.58, versiones de la serie Ver.2.10.x anteriores a la Ver.2.10.50 y Ver.2.9.0 y anteriores permiten a un atacante remoto autenticado ejecutar código JavaScript arbitrario cargando un archivo SVG especialmente manipulado.",
      },
   ],
   id: "CVE-2024-23348",
   lastModified: "2024-11-21T08:57:33.707",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-01-23T10:15:10.637",
   references: [
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html",
      },
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://jvn.jp/en/jp/JVN34565930/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://jvn.jp/en/jp/JVN34565930/",
      },
   ],
   sourceIdentifier: "vultures@jpcert.or.jp",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

cve-2024-23182
Vulnerability from cvelistv5
Published
2024-01-23 09:38
Modified
2024-08-01 22:59
Severity ?
Summary
Relative path traversal vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to delete arbitrary files on the server.


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-01T22:59:32.082Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://jvn.jp/en/jp/JVN34565930/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "a-blog cms Ver.3.1.x series",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "prior to Ver.3.1.7",
                  },
               ],
            },
            {
               product: "a-blog cms Ver.3.0.x series",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "prior to Ver.3.0.29",
                  },
               ],
            },
            {
               product: "a-blog cms Ver.2.11.x series",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "prior to Ver.2.11.58",
                  },
               ],
            },
            {
               product: "a-blog cms Ver.2.10.x series",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "prior to Ver.2.10.50",
                  },
               ],
            },
            {
               product: "a-blog cms",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "Ver.2.9.0 and earlier ",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Relative path traversal vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to delete arbitrary files on the server.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Relative path traversal",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-23T09:38:58.906Z",
            orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            shortName: "jpcert",
         },
         references: [
            {
               url: "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html",
            },
            {
               url: "https://jvn.jp/en/jp/JVN34565930/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
      assignerShortName: "jpcert",
      cveId: "CVE-2024-23182",
      datePublished: "2024-01-23T09:38:58.906Z",
      dateReserved: "2024-01-12T05:24:51.969Z",
      dateUpdated: "2024-08-01T22:59:32.082Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-23348
Vulnerability from cvelistv5
Published
2024-01-23 09:39
Modified
2024-08-01 22:59
Severity ?
Summary
Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary JavaScript code by uploading a specially crafted SVG file.


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-01T22:59:32.154Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://jvn.jp/en/jp/JVN34565930/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "a-blog cms Ver.3.1.x series",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "prior to Ver.3.1.7",
                  },
               ],
            },
            {
               product: "a-blog cms Ver.3.0.x series",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "prior to Ver.3.0.29",
                  },
               ],
            },
            {
               product: "a-blog cms Ver.2.11.x series",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "prior to Ver.2.11.58",
                  },
               ],
            },
            {
               product: "a-blog cms Ver.2.10.x series",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "prior to Ver.2.10.50",
                  },
               ],
            },
            {
               product: "a-blog cms",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "Ver.2.9.0 and earlier ",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary JavaScript code by uploading a specially crafted SVG file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Improper input validation",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-23T09:39:14.190Z",
            orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            shortName: "jpcert",
         },
         references: [
            {
               url: "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html",
            },
            {
               url: "https://jvn.jp/en/jp/JVN34565930/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
      assignerShortName: "jpcert",
      cveId: "CVE-2024-23348",
      datePublished: "2024-01-23T09:39:14.190Z",
      dateReserved: "2024-01-15T23:36:05.944Z",
      dateUpdated: "2024-08-01T22:59:32.154Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-21142
Vulnerability from cvelistv5
Published
2022-02-24 09:50
Modified
2024-08-03 02:31
Severity ?
Summary
Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74, Ver.2.9.x series versions prior to Ver.2.9.39, Ver.2.10.x series versions prior to Ver.2.10.43, and Ver.2.11.x series versions prior to Ver.2.11.41 allows a remote unauthenticated attacker to bypass authentication under the specific condition.
Impacted products
Vendor Product Version
appleple inc. a-blog cms Version: Ver.2.8.x series versions prior to Ver.2.8.74, Ver.2.9.x series versions prior to Ver.2.9.39, Ver.2.10.x series versions prior to Ver.2.10.43, and Ver.2.11.x series versions prior to Ver.2.11.41


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:31:59.241Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://developer.a-blogcms.jp/blog/news/security-202202.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://jvn.jp/en/jp/JVN14706307/index.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "a-blog cms",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "Ver.2.8.x series versions prior to Ver.2.8.74, Ver.2.9.x series versions prior to Ver.2.9.39, Ver.2.10.x series versions prior to Ver.2.10.43, and Ver.2.11.x series versions prior to Ver.2.11.41",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74, Ver.2.9.x series versions prior to Ver.2.9.39, Ver.2.10.x series versions prior to Ver.2.10.43, and Ver.2.11.x series versions prior to Ver.2.11.41 allows a remote unauthenticated attacker to bypass authentication under the specific condition.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Authentication bypass",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-02-24T09:50:25",
            orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            shortName: "jpcert",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://developer.a-blogcms.jp/blog/news/security-202202.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://jvn.jp/en/jp/JVN14706307/index.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "vultures@jpcert.or.jp",
               ID: "CVE-2022-21142",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "a-blog cms",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Ver.2.8.x series versions prior to Ver.2.8.74, Ver.2.9.x series versions prior to Ver.2.9.39, Ver.2.10.x series versions prior to Ver.2.10.43, and Ver.2.11.x series versions prior to Ver.2.11.41",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "appleple inc.",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74, Ver.2.9.x series versions prior to Ver.2.9.39, Ver.2.10.x series versions prior to Ver.2.10.43, and Ver.2.11.x series versions prior to Ver.2.11.41 allows a remote unauthenticated attacker to bypass authentication under the specific condition.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Authentication bypass",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://developer.a-blogcms.jp/blog/news/security-202202.html",
                     refsource: "MISC",
                     url: "https://developer.a-blogcms.jp/blog/news/security-202202.html",
                  },
                  {
                     name: "https://jvn.jp/en/jp/JVN14706307/index.html",
                     refsource: "MISC",
                     url: "https://jvn.jp/en/jp/JVN14706307/index.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
      assignerShortName: "jpcert",
      cveId: "CVE-2022-21142",
      datePublished: "2022-02-24T09:50:26",
      dateReserved: "2022-02-16T00:00:00",
      dateUpdated: "2024-08-03T02:31:59.241Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-23810
Vulnerability from cvelistv5
Published
2022-02-24 09:50
Modified
2024-08-03 03:51
Severity ?
Summary
Template injection (Improper Neutralization of Special Elements Used in a Template Engine) vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to obtain an arbitrary file on the server via unspecified vectors.
Impacted products
Vendor Product Version
appleple inc. a-blog cms Version: Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T03:51:45.982Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://developer.a-blogcms.jp/blog/news/security-202202.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://jvn.jp/en/jp/JVN14706307/index.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "a-blog cms",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Template injection (Improper Neutralization of Special Elements Used in a Template Engine) vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to obtain an arbitrary file on the server via unspecified vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Template injection (Improper Neutralization of Special Elements Used in a Template Engine)",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-02-24T09:50:28",
            orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            shortName: "jpcert",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://developer.a-blogcms.jp/blog/news/security-202202.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://jvn.jp/en/jp/JVN14706307/index.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "vultures@jpcert.or.jp",
               ID: "CVE-2022-23810",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "a-blog cms",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "appleple inc.",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Template injection (Improper Neutralization of Special Elements Used in a Template Engine) vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to obtain an arbitrary file on the server via unspecified vectors.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Template injection (Improper Neutralization of Special Elements Used in a Template Engine)",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://developer.a-blogcms.jp/blog/news/security-202202.html",
                     refsource: "MISC",
                     url: "https://developer.a-blogcms.jp/blog/news/security-202202.html",
                  },
                  {
                     name: "https://jvn.jp/en/jp/JVN14706307/index.html",
                     refsource: "MISC",
                     url: "https://jvn.jp/en/jp/JVN14706307/index.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
      assignerShortName: "jpcert",
      cveId: "CVE-2022-23810",
      datePublished: "2022-02-24T09:50:28",
      dateReserved: "2022-02-16T00:00:00",
      dateUpdated: "2024-08-03T03:51:45.982Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-23916
Vulnerability from cvelistv5
Published
2022-02-24 09:50
Modified
2024-08-03 03:59
Severity ?
Summary
Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-24374.
Impacted products
Vendor Product Version
appleple inc. a-blog cms Version: Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T03:59:22.651Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://developer.a-blogcms.jp/blog/news/security-202202.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://jvn.jp/en/jp/JVN14706307/index.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "a-blog cms",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-24374.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Cross-site scripting",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-02-24T09:50:30",
            orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            shortName: "jpcert",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://developer.a-blogcms.jp/blog/news/security-202202.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://jvn.jp/en/jp/JVN14706307/index.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "vultures@jpcert.or.jp",
               ID: "CVE-2022-23916",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "a-blog cms",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "appleple inc.",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-24374.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Cross-site scripting",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://developer.a-blogcms.jp/blog/news/security-202202.html",
                     refsource: "MISC",
                     url: "https://developer.a-blogcms.jp/blog/news/security-202202.html",
                  },
                  {
                     name: "https://jvn.jp/en/jp/JVN14706307/index.html",
                     refsource: "MISC",
                     url: "https://jvn.jp/en/jp/JVN14706307/index.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
      assignerShortName: "jpcert",
      cveId: "CVE-2022-23916",
      datePublished: "2022-02-24T09:50:30",
      dateReserved: "2022-02-16T00:00:00",
      dateUpdated: "2024-08-03T03:59:22.651Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-6034
Vulnerability from cvelistv5
Published
2019-12-26 15:16
Modified
2024-08-04 20:16
Severity ?
Summary
a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows arbitrary scripts to be executed in the context of the application due to unspecified vectors.
Impacted products
Vendor Product Version
appleple inc. a-blog cms Version: versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:16:23.649Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://developer.a-blogcms.jp/download/legacy.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://jvn.jp/en/jp/JVN10377257/index.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "a-blog cms",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x)",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows arbitrary scripts to be executed in the context of the application due to unspecified vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Script injection",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-12-26T15:16:50",
            orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            shortName: "jpcert",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://developer.a-blogcms.jp/download/legacy.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://jvn.jp/en/jp/JVN10377257/index.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "vultures@jpcert.or.jp",
               ID: "CVE-2019-6034",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "a-blog cms",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x)",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "appleple inc.",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows arbitrary scripts to be executed in the context of the application due to unspecified vectors.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Script injection",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://developer.a-blogcms.jp/download/legacy.html",
                     refsource: "MISC",
                     url: "https://developer.a-blogcms.jp/download/legacy.html",
                  },
                  {
                     name: "http://jvn.jp/en/jp/JVN10377257/index.html",
                     refsource: "MISC",
                     url: "http://jvn.jp/en/jp/JVN10377257/index.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
      assignerShortName: "jpcert",
      cveId: "CVE-2019-6034",
      datePublished: "2019-12-26T15:16:50",
      dateReserved: "2019-01-10T00:00:00",
      dateUpdated: "2024-08-04T20:16:23.649Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-23180
Vulnerability from cvelistv5
Published
2024-01-23 09:37
Modified
2024-11-13 16:26
Severity ?
Summary
Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary code by uploading a specially crafted SVG file.


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-01T22:59:31.845Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://jvn.jp/en/jp/JVN34565930/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-23180",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-01-26T16:26:53.058447Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-13T16:26:19.966Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "a-blog cms Ver.3.1.x series",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "prior to Ver.3.1.7",
                  },
               ],
            },
            {
               product: "a-blog cms Ver.3.0.x series",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "prior to Ver.3.0.29",
                  },
               ],
            },
            {
               product: "a-blog cms Ver.2.11.x series",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "prior to Ver.2.11.58",
                  },
               ],
            },
            {
               product: "a-blog cms Ver.2.10.x series",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "prior to Ver.2.10.50",
                  },
               ],
            },
            {
               product: "a-blog cms",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "Ver.2.9.0 and earlier ",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary code by uploading a specially crafted SVG file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Improper input validation",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-23T09:37:22.303Z",
            orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            shortName: "jpcert",
         },
         references: [
            {
               url: "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html",
            },
            {
               url: "https://jvn.jp/en/jp/JVN34565930/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
      assignerShortName: "jpcert",
      cveId: "CVE-2024-23180",
      datePublished: "2024-01-23T09:37:22.303Z",
      dateReserved: "2024-01-12T05:24:51.968Z",
      dateUpdated: "2024-11-13T16:26:19.966Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-23183
Vulnerability from cvelistv5
Published
2024-01-23 09:39
Modified
2024-08-01 22:59
Severity ?
Summary
Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute an arbitrary script on the logged-in user's web browser.


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-01T22:59:31.779Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://jvn.jp/en/jp/JVN34565930/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "a-blog cms Ver.3.1.x series",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "prior to Ver.3.1.7",
                  },
               ],
            },
            {
               product: "a-blog cms Ver.3.0.x series",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "prior to Ver.3.0.29",
                  },
               ],
            },
            {
               product: "a-blog cms Ver.2.11.x series",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "prior to Ver.2.11.58",
                  },
               ],
            },
            {
               product: "a-blog cms Ver.2.10.x series",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "prior to Ver.2.10.50",
                  },
               ],
            },
            {
               product: "a-blog cms",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "Ver.2.9.0 and earlier ",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute an arbitrary script on the logged-in user's web browser.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Cross-site scripting (XSS)",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-23T09:39:05.114Z",
            orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            shortName: "jpcert",
         },
         references: [
            {
               url: "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html",
            },
            {
               url: "https://jvn.jp/en/jp/JVN34565930/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
      assignerShortName: "jpcert",
      cveId: "CVE-2024-23183",
      datePublished: "2024-01-23T09:39:05.114Z",
      dateReserved: "2024-01-12T05:24:51.969Z",
      dateUpdated: "2024-08-01T22:59:31.779Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-23782
Vulnerability from cvelistv5
Published
2024-01-28 23:09
Modified
2024-08-01 23:13
Severity ?
Summary
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier versions. If this vulnerability is exploited, a user with a contributor or higher privilege may execute an arbitrary script on the web browser of the user who accessed the website using the product.


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-01T23:13:08.244Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://jvn.jp/en/jp/JVN34565930/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "a-blog cms Ver.3.1.x series",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "prior to Ver.3.1.7",
                  },
               ],
            },
            {
               product: "a-blog cms Ver.3.0.x series",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "prior to Ver.3.0.29",
                  },
               ],
            },
            {
               product: "a-blog cms Ver.2.11.x series",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "prior to Ver.2.11.58",
                  },
               ],
            },
            {
               product: "a-blog cms Ver.2.10.x series",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "prior to Ver.2.10.50",
                  },
               ],
            },
            {
               product: "a-blog cms",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "Ver.2.9.0 and earlier ",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier versions. If this vulnerability is exploited, a user with a contributor or higher privilege may execute an arbitrary script on the web browser of the user who accessed the website using the product.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Cross-site scripting (XSS)",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-28T23:09:13.092Z",
            orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            shortName: "jpcert",
         },
         references: [
            {
               url: "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html",
            },
            {
               url: "https://jvn.jp/en/jp/JVN34565930/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
      assignerShortName: "jpcert",
      cveId: "CVE-2024-23782",
      datePublished: "2024-01-28T23:09:13.092Z",
      dateReserved: "2024-01-22T07:59:48.826Z",
      dateUpdated: "2024-08-01T23:13:08.244Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-1178
Vulnerability from cvelistv5
Published
2017-04-12 22:00
Modified
2024-08-05 22:48
Severity ?
Summary
The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors.
References
http://jvn.jp/en/jp/JVN03975805/index.html (third-party-advisory, x_refsource_JVN)
http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000047.html (third-party-advisory, x_refsource_JVNDB)
https://developer.a-blogcms.jp/blog/patch/entry-2363.html (x_refsource_CONFIRM)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T22:48:13.077Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "JVN#03975805",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_JVN",
                     "x_transferred",
                  ],
                  url: "http://jvn.jp/en/jp/JVN03975805/index.html",
               },
               {
                  name: "JVNDB-2016-000047",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_JVNDB",
                     "x_transferred",
                  ],
                  url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000047.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://developer.a-blogcms.jp/blog/patch/entry-2363.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-05-16T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-04-12T21:57:01",
            orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            shortName: "jpcert",
         },
         references: [
            {
               name: "JVN#03975805",
               tags: [
                  "third-party-advisory",
                  "x_refsource_JVN",
               ],
               url: "http://jvn.jp/en/jp/JVN03975805/index.html",
            },
            {
               name: "JVNDB-2016-000047",
               tags: [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
               ],
               url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000047.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://developer.a-blogcms.jp/blog/patch/entry-2363.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "vultures@jpcert.or.jp",
               ID: "CVE-2016-1178",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "JVN#03975805",
                     refsource: "JVN",
                     url: "http://jvn.jp/en/jp/JVN03975805/index.html",
                  },
                  {
                     name: "JVNDB-2016-000047",
                     refsource: "JVNDB",
                     url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000047.html",
                  },
                  {
                     name: "https://developer.a-blogcms.jp/blog/patch/entry-2363.html",
                     refsource: "CONFIRM",
                     url: "https://developer.a-blogcms.jp/blog/patch/entry-2363.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
      assignerShortName: "jpcert",
      cveId: "CVE-2016-1178",
      datePublished: "2017-04-12T22:00:00",
      dateReserved: "2015-12-26T00:00:00",
      dateUpdated: "2024-08-05T22:48:13.077Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-24374
Vulnerability from cvelistv5
Published
2022-02-24 09:50
Modified
2024-08-03 04:07
Severity ?
Summary
Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-23916.
Impacted products
Vendor Product Version
appleple inc. a-blog cms Version: Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T04:07:02.425Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://developer.a-blogcms.jp/blog/news/security-202202.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://jvn.jp/en/jp/JVN14706307/index.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "a-blog cms",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-23916.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Cross-site scripting",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-02-24T09:50:32",
            orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            shortName: "jpcert",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://developer.a-blogcms.jp/blog/news/security-202202.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://jvn.jp/en/jp/JVN14706307/index.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "vultures@jpcert.or.jp",
               ID: "CVE-2022-24374",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "a-blog cms",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "appleple inc.",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-23916.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Cross-site scripting",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://developer.a-blogcms.jp/blog/news/security-202202.html",
                     refsource: "MISC",
                     url: "https://developer.a-blogcms.jp/blog/news/security-202202.html",
                  },
                  {
                     name: "https://jvn.jp/en/jp/JVN14706307/index.html",
                     refsource: "MISC",
                     url: "https://jvn.jp/en/jp/JVN14706307/index.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
      assignerShortName: "jpcert",
      cveId: "CVE-2022-24374",
      datePublished: "2022-02-24T09:50:32",
      dateReserved: "2022-02-16T00:00:00",
      dateUpdated: "2024-08-03T04:07:02.425Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-1179
Vulnerability from cvelistv5
Published
2017-04-12 22:00
Modified
2024-08-05 22:48
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML.
References
http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000046.html (third-party-advisory, x_refsource_JVNDB)
https://developer.a-blogcms.jp/blog/patch/entry-2363.html (x_refsource_CONFIRM)
http://jvn.jp/en/jp/JVN73166466/index.html (third-party-advisory, x_refsource_JVN)
Impacted products
Vendor Product Version
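n/a n/a Version: n/a (the structured vendor, product and version fields are unpopulated; the affected range, a-blog cms 2.6.0.1 and earlier, appears only in the summary text, so matching on these fields alone will not identify affected installations)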


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T22:48:13.487Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "JVNDB-2016-000046",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_JVNDB",
                     "x_transferred",
                  ],
                  url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000046.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://developer.a-blogcms.jp/blog/patch/entry-2363.html",
               },
               {
                  name: "JVN#73166466",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_JVN",
                     "x_transferred",
                  ],
                  url: "http://jvn.jp/en/jp/JVN73166466/index.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-05-16T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-04-12T21:57:01",
            orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            shortName: "jpcert",
         },
         references: [
            {
               name: "JVNDB-2016-000046",
               tags: [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
               ],
               url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000046.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://developer.a-blogcms.jp/blog/patch/entry-2363.html",
            },
            {
               name: "JVN#73166466",
               tags: [
                  "third-party-advisory",
                  "x_refsource_JVN",
               ],
               url: "http://jvn.jp/en/jp/JVN73166466/index.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "vultures@jpcert.or.jp",
               ID: "CVE-2016-1179",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting (XSS) vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "JVNDB-2016-000046",
                     refsource: "JVNDB",
                     url: "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000046.html",
                  },
                  {
                     name: "https://developer.a-blogcms.jp/blog/patch/entry-2363.html",
                     refsource: "CONFIRM",
                     url: "https://developer.a-blogcms.jp/blog/patch/entry-2363.html",
                  },
                  {
                     name: "JVN#73166466",
                     refsource: "JVN",
                     url: "http://jvn.jp/en/jp/JVN73166466/index.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
      assignerShortName: "jpcert",
      cveId: "CVE-2016-1179",
      datePublished: "2017-04-12T22:00:00",
      dateReserved: "2015-12-26T00:00:00",
      dateUpdated: "2024-08-05T22:48:13.487Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-23181
Vulnerability from cvelistv5
Published
2024-01-23 09:38
Modified
2024-08-01 22:59
Severity ?
Summary
Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the logged-in user's web browser.


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-01T22:59:32.204Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://jvn.jp/en/jp/JVN34565930/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "a-blog cms Ver.3.1.x series",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "prior to Ver.3.1.7",
                  },
               ],
            },
            {
               product: "a-blog cms Ver.3.0.x series",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "prior to Ver.3.0.29",
                  },
               ],
            },
            {
               product: "a-blog cms Ver.2.11.x series",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "prior to Ver.2.11.58",
                  },
               ],
            },
            {
               product: "a-blog cms Ver.2.10.x series",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "prior to Ver.2.10.50",
                  },
               ],
            },
            {
               product: "a-blog cms",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "Ver.2.9.0 and earlier ",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the logged-in user's web browser.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Cross-site scripting (XSS)",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-23T09:38:08.211Z",
            orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            shortName: "jpcert",
         },
         references: [
            {
               url: "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html",
            },
            {
               url: "https://jvn.jp/en/jp/JVN34565930/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
      assignerShortName: "jpcert",
      cveId: "CVE-2024-23181",
      datePublished: "2024-01-23T09:38:08.211Z",
      dateReserved: "2024-01-12T05:24:51.969Z",
      dateUpdated: "2024-08-01T22:59:32.204Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-6033
Vulnerability from cvelistv5
Published
2019-12-26 15:16
Modified
2024-08-04 20:16
Severity ?
Summary
Cross-site scripting vulnerability in a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Impacted products
Vendor Product Version
appleple inc. a-blog cms Version: versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:16:24.521Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://developer.a-blogcms.jp/download/legacy.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://jvn.jp/en/jp/JVN10377257/index.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "a-blog cms",
               vendor: "appleple inc.",
               versions: [
                  {
                     status: "affected",
                     version: "versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x)",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting vulnerability in a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Cross-site scripting",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-12-26T15:16:50",
            orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            shortName: "jpcert",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://developer.a-blogcms.jp/download/legacy.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://jvn.jp/en/jp/JVN10377257/index.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "vultures@jpcert.or.jp",
               ID: "CVE-2019-6033",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "a-blog cms",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x)",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "appleple inc.",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting vulnerability in a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Cross-site scripting",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://developer.a-blogcms.jp/download/legacy.html",
                     refsource: "MISC",
                     url: "https://developer.a-blogcms.jp/download/legacy.html",
                  },
                  {
                     name: "http://jvn.jp/en/jp/JVN10377257/index.html",
                     refsource: "MISC",
                     url: "http://jvn.jp/en/jp/JVN10377257/index.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
      assignerShortName: "jpcert",
      cveId: "CVE-2019-6033",
      datePublished: "2019-12-26T15:16:50",
      dateReserved: "2019-01-10T00:00:00",
      dateUpdated: "2024-08-04T20:16:24.521Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}