Search criteria
19 vulnerabilities found for GroupSession by Japan Total System Co.,Ltd.
JVNDB-2025-000113
Vulnerability from jvndb - Published: 2025-12-08 17:48 - Updated:2025-12-11 11:30
Severity ?
Summary
Multiple vulnerabilities in GroupSession
Details
GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below.
- Stored cross-site scripting (CWE-79) - CVE-2025-53523
- Stored cross-site scripting (CWE-79) - CVE-2025-54407
- Reflected cross-site scripting (CWE-79) - CVE-2025-57883
- Cross-site request forgery (CWE-352) - CVE-2025-58576
- Authorization bypass through user-controlled key (CWE-639) - CVE-2025-61950
- Missing origin validation in webSockets (CWE-1385) - CVE-2025-61987
- SQL injection (CWE-89) - CVE-2025-62192
- Initialization of a resource with an insecure default (CWE-1188) - CVE-2025-64781
- This can be exploited only when External page display restriction is set as "Do not limit", as in the initial configurationReflected cross-site scripting (CWE-79) - CVE-2025-65120
- Stored cross-site scripting (CWE-79) - CVE-2025-66284
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000113.html",
"dc:date": "2025-12-11T11:30+09:00",
"dcterms:issued": "2025-12-08T17:48+09:00",
"dcterms:modified": "2025-12-11T11:30+09:00",
"description": "GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below.\r\n\u003cul\u003e\u003cli\u003eStored cross-site scripting (CWE-79) - CVE-2025-53523\u003c/li\u003e\r\n\u003cli\u003eStored cross-site scripting (CWE-79) - CVE-2025-54407\u003c/li\u003e\r\n\u003cli\u003eReflected cross-site scripting (CWE-79) - CVE-2025-57883\u003c/li\u003e\r\n\u003cli\u003eCross-site request forgery (CWE-352) - CVE-2025-58576\u003c/li\u003e\r\n\u003cli\u003eAuthorization bypass through user-controlled key (CWE-639) - CVE-2025-61950\u003c/li\u003e\r\n\u003cli\u003eMissing origin validation in webSockets (CWE-1385) - CVE-2025-61987\u003c/li\u003e\u003cli\u003eSQL injection (CWE-89) - CVE-2025-62192\u003c/li\u003e\r\n\u003cli\u003eInitialization of a resource with an insecure default (CWE-1188) - CVE-2025-64781\u003c/li\u003e\r\n\u003cli\u003eThis can be exploited only when External page display restriction is set as \"Do not limit\", as in the initial configurationReflected cross-site scripting (CWE-79) - CVE-2025-65120\u003c/li\u003e\r\n\u003cli\u003eStored cross-site scripting (CWE-79) - CVE-2025-66284\u003c/li\u003e\u003c/ul\u003e\r\nThe following people reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2025-53523\r\nReporter: Shogo Iyota of GMO Cybersecurity by Ierae\r\n Gaku Mochizuki, Tsutomu Aramaki, and Taiga Shirakura of Mitsui Bussan Secure Directions, Inc.\r\n Natsumi Furukawa\r\n\r\nCVE-2025-54407\r\nReporter: Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc.\r\n\r\nCVE-2025-57883\r\nReporter: Tsuyuki Takumi of Mitsui Bussan Secure Directions, Inc.\r\n Ryo Sato\r\n\r\nCVE-2025-58576\r\nReporter: Tsuyuki Takumi, Kenta Yamamoto, and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc.\r\n Shogo Iyota of GMO Cybersecurity by Ierae\r\n\r\nCVE-2025-61950\r\nReporter: Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc.\r\n\r\nCVE-2025-61987\r\nReporter: Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc.\r\n\r\nCVE-2025-62192\r\nGaku Mochizuki and Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc.\r\n\r\nCVE-2025-64781\r\nReporter: Ryo Sato\r\n\r\nCVE-2025-65120\r\nReporter: Kentaro Ishii of GMO Cybersecurity by Ierae, Inc.\r\n Shiga Takuma of BroadBand Security, Inc.\r\n\r\nCVE-2025-66284\r\nReporter: Kentaro Ishii of GMO Cybersecurity by Ierae, Inc.\r\n KOJIRO ENOKIDA",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000113.html",
"sec:cpe": {
"#text": "cpe:/a:groupsession:groupsession",
"@product": "GroupSession",
"@vendor": "Japan Total System Co.,Ltd.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000113",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN19940619/index.html",
"@id": "JVN#19940619",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-53523",
"@id": "CVE-2025-53523",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-54407",
"@id": "CVE-2025-54407",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-57883",
"@id": "CVE-2025-57883",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-58576",
"@id": "CVE-2025-58576",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-61950",
"@id": "CVE-2025-61950",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-61987",
"@id": "CVE-2025-61987",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-62192",
"@id": "CVE-2025-62192",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-64781",
"@id": "CVE-2025-64781",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-65120",
"@id": "CVE-2025-65120",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-66284",
"@id": "CVE-2025-66284",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in GroupSession"
}
JVNDB-2021-000111
Vulnerability from jvndb - Published: 2021-12-20 14:53 - Updated:2021-12-21 14:20
Severity ?
Summary
Multiple vulnerabilities in GroupSession
Details
GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below.
*Incorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2021-20874
*Open redirect (CWE-601) - CVE-2021-20875
*Path Traversal (CWE-22) - CVE-2021-20876
CVE-2021-20874
TAKUMA SHIGA reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2021-20875, CVE-2021-20876
Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000111.html",
"dc:date": "2021-12-21T14:20+09:00",
"dcterms:issued": "2021-12-20T14:53+09:00",
"dcterms:modified": "2021-12-21T14:20+09:00",
"description": "GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below.\r\n\r\n*Incorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2021-20874\r\n*Open redirect (CWE-601) - CVE-2021-20875\r\n*Path Traversal (CWE-22) - CVE-2021-20876\r\n\r\nCVE-2021-20874\r\nTAKUMA SHIGA reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20875, CVE-2021-20876\r\nTsutomu Aramaki of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000111.html",
"sec:cpe": {
"#text": "cpe:/a:groupsession:groupsession",
"@product": "GroupSession",
"@vendor": "Japan Total System Co.,Ltd.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000111",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN79798166/index.html",
"@id": "JVN#79798166",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2021-20874",
"@id": "CVE-2021-20874",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2021-20875",
"@id": "CVE-2021-20875",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2021-20876",
"@id": "CVE-2021-20876",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20874",
"@id": "CVE-2021-20874",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20875",
"@id": "CVE-2021-20875",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20876",
"@id": "CVE-2021-20876",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in GroupSession"
}
JVNDB-2021-000070
Vulnerability from jvndb - Published: 2021-07-19 15:41 - Updated:2023-03-08 17:02
Severity ?
Summary
Multiple vulnerabilities in GroupSession
Details
GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below.
*Cross-site scripting vulnerability (CWE-79) - CVE-2021-20785
*Cross-site request forgery (CWE-352) - CVE-2021-20786
*Cross-site scripting vulnerability (CWE-79) - CVE-2021-20787
*Sever-side request forgery (CWE-918) - CVE-2021-20788
*Open redirect (CWE-601) - CVE-2021-20789
CVE-2021-20785, CVE-2021-20786
ASAI Ken reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2021-20787, CVE-2021-20788, CVE-2021-20789
Ryo Sato of BroadBand Security,Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000070.html",
"dc:date": "2023-03-08T17:02+09:00",
"dcterms:issued": "2021-07-19T15:41+09:00",
"dcterms:modified": "2023-03-08T17:02+09:00",
"description": "GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below.\r\n*Cross-site scripting vulnerability (CWE-79) - CVE-2021-20785\r\n*Cross-site request forgery (CWE-352) - CVE-2021-20786\r\n*Cross-site scripting vulnerability (CWE-79) - CVE-2021-20787\r\n*Sever-side request forgery (CWE-918) - CVE-2021-20788\r\n*Open redirect (CWE-601) - CVE-2021-20789\r\n\r\nCVE-2021-20785, CVE-2021-20786\r\nASAI Ken reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20787, CVE-2021-20788, CVE-2021-20789\r\nRyo Sato of BroadBand Security,Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000070.html",
"sec:cpe": [
{
"#text": "cpe:/a:groupsession:groupsession",
"@product": "GroupSession",
"@vendor": "Japan Total System Co.,Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:groupsession:groupsession",
"@product": "GroupSession",
"@vendor": "Japan Total System Co.,Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:groupsession:groupsession",
"@product": "GroupSession",
"@vendor": "Japan Total System Co.,Ltd.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000070",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN86026700/index.html",
"@id": "JVN#86026700",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20785",
"@id": "CVE-2021-20785",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20786",
"@id": "CVE-2021-20786",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20787",
"@id": "CVE-2021-20787",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20788",
"@id": "CVE-2021-20788",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20789",
"@id": "CVE-2021-20789",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20785",
"@id": "CVE-2021-20785",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20786",
"@id": "CVE-2021-20786",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20787",
"@id": "CVE-2021-20787",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20788",
"@id": "CVE-2021-20788",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20789",
"@id": "CVE-2021-20789",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in GroupSession"
}
JVNDB-2018-000003
Vulnerability from jvndb - Published: 2018-01-19 14:19 - Updated:2018-04-11 11:37
Severity ?
Summary
GroupSession vulnerable to open redirect
Details
GroupSession provided by Japan Total System Co.,Ltd. is an open source groupware. GroupSession contains an open redirect vulnerability (CWE-601).
Norihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000003.html",
"dc:date": "2018-04-11T11:37+09:00",
"dcterms:issued": "2018-01-19T14:19+09:00",
"dcterms:modified": "2018-04-11T11:37+09:00",
"description": "GroupSession provided by Japan Total System Co.,Ltd. is an open source groupware. GroupSession contains an open redirect vulnerability (CWE-601).\r\n\r\nNorihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000003.html",
"sec:cpe": {
"#text": "cpe:/a:groupsession:groupsession",
"@product": "GroupSession",
"@vendor": "Japan Total System Co.,Ltd.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.7",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000003",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN26200083/index.html",
"@id": "JVN#26200083",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2166",
"@id": "CVE-2017-2166",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2166",
"@id": "CVE-2017-2166",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "GroupSession vulnerable to open redirect"
}
JVNDB-2017-000089
Vulnerability from jvndb - Published: 2017-05-25 14:14 - Updated:2018-01-24 11:59
Severity ?
Summary
GroupSession fails to restrict access permissions
Details
GroupSession provided by Japan Total System Co.,Ltd. is open source groupware. GroupSession fails to restrict access permissions.
Norihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000089.html",
"dc:date": "2018-01-24T11:59+09:00",
"dcterms:issued": "2017-05-25T14:14+09:00",
"dcterms:modified": "2018-01-24T11:59+09:00",
"description": "GroupSession provided by Japan Total System Co.,Ltd. is open source groupware. GroupSession fails to restrict access permissions.\r\n\r\nNorihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000089.html",
"sec:cpe": {
"#text": "cpe:/a:groupsession:groupsession",
"@product": "GroupSession",
"@vendor": "Japan Total System Co.,Ltd.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000089",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN42164352/index.html",
"@id": "JVN#42164352",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2165",
"@id": "CVE-2017-2165",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2165",
"@id": "CVE-2017-2165",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "GroupSession fails to restrict access permissions"
}
CVE-2021-20789 (GCVE-0-2021-20789)
Vulnerability from cvelistv5 – Published: 2021-07-28 00:45 – Updated: 2024-08-03 17:53
VLAI?
Summary
Open redirect vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack via a specially crafted URL.
Severity ?
No CVSS data available.
CWE
- Open Redirect
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Japan Total System Co.,Ltd. | GroupSession |
Affected:
GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GroupSession",
"vendor": "Japan Total System Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack via a specially crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open Redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-28T00:45:32",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GroupSession",
"version": {
"version_data": [
{
"version_value": "GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0"
}
]
}
}
]
},
"vendor_name": "Japan Total System Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack via a specially crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groupsession.jp/info/info-news/security202107",
"refsource": "MISC",
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"name": "https://jvn.jp/en/jp/JVN86026700/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20789",
"datePublished": "2021-07-28T00:45:32",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20788 (GCVE-0-2021-20788)
Vulnerability from cvelistv5 – Published: 2021-07-28 00:45 – Updated: 2024-08-03 17:53
VLAI?
Summary
Server-side request forgery (SSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote authenticated attacker to conduct a port scan from the product and/or obtain information from the internal Web server.
Severity ?
No CVSS data available.
CWE
- Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Japan Total System Co.,Ltd. | GroupSession |
Affected:
GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GroupSession",
"vendor": "Japan Total System Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Server-side request forgery (SSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote authenticated attacker to conduct a port scan from the product and/or obtain information from the internal Web server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-28T00:45:31",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GroupSession",
"version": {
"version_data": [
{
"version_value": "GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0"
}
]
}
}
]
},
"vendor_name": "Japan Total System Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Server-side request forgery (SSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote authenticated attacker to conduct a port scan from the product and/or obtain information from the internal Web server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groupsession.jp/info/info-news/security202107",
"refsource": "MISC",
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"name": "https://jvn.jp/en/jp/JVN86026700/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20788",
"datePublished": "2021-07-28T00:45:31",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20787 (GCVE-0-2021-20787)
Vulnerability from cvelistv5 – Published: 2021-07-28 00:45 – Updated: 2024-08-03 17:53
VLAI?
Summary
Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to inject an arbitrary script by sending a specially crafted request to a specific URL.
Severity ?
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Japan Total System Co.,Ltd. | GroupSession |
Affected:
GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GroupSession",
"vendor": "Japan Total System Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to inject an arbitrary script by sending a specially crafted request to a specific URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-28T00:45:29",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GroupSession",
"version": {
"version_data": [
{
"version_value": "GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0"
}
]
}
}
]
},
"vendor_name": "Japan Total System Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to inject an arbitrary script by sending a specially crafted request to a specific URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groupsession.jp/info/info-news/security202107",
"refsource": "MISC",
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"name": "https://jvn.jp/en/jp/JVN86026700/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20787",
"datePublished": "2021-07-28T00:45:29",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20786 (GCVE-0-2021-20786)
Vulnerability from cvelistv5 – Published: 2021-07-28 00:45 – Updated: 2024-08-03 17:53
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to hijack the authentication of administrators via a specially crafted URL.
Severity ?
No CVSS data available.
CWE
- Cross-site request forgery
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Japan Total System Co.,Ltd. | GroupSession |
Affected:
GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GroupSession",
"vendor": "Japan Total System Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to hijack the authentication of administrators via a specially crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-28T00:45:27",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GroupSession",
"version": {
"version_data": [
{
"version_value": "GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0"
}
]
}
}
]
},
"vendor_name": "Japan Total System Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to hijack the authentication of administrators via a specially crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groupsession.jp/info/info-news/security202107",
"refsource": "MISC",
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"name": "https://jvn.jp/en/jp/JVN86026700/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20786",
"datePublished": "2021-07-28T00:45:27",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20785 (GCVE-0-2021-20785)
Vulnerability from cvelistv5 – Published: 2021-07-28 00:45 – Updated: 2024-08-03 17:53
VLAI?
Summary
Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to inject an arbitrary script by sending a specially crafted request to a specific URL.
Severity ?
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Japan Total System Co.,Ltd. | GroupSession |
Affected:
GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GroupSession",
"vendor": "Japan Total System Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to inject an arbitrary script by sending a specially crafted request to a specific URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-28T00:45:26",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20785",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GroupSession",
"version": {
"version_data": [
{
"version_value": "GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0"
}
]
}
}
]
},
"vendor_name": "Japan Total System Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to inject an arbitrary script by sending a specially crafted request to a specific URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groupsession.jp/info/info-news/security202107",
"refsource": "MISC",
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"name": "https://jvn.jp/en/jp/JVN86026700/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20785",
"datePublished": "2021-07-28T00:45:26",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2166 (GCVE-0-2017-2166)
Vulnerability from cvelistv5 – Published: 2018-01-26 16:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Open Redirect
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Japan Total System Co.,Ltd. | GroupSession |
Affected:
version 4.7.0 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#26200083",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN26200083/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GroupSession",
"vendor": "Japan Total System Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "version 4.7.0 and earlier"
}
]
}
],
"datePublic": "2018-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open Redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-26T15:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#26200083",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN26200083/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GroupSession",
"version": {
"version_data": [
{
"version_value": "version 4.7.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Japan Total System Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#26200083",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN26200083/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2166",
"datePublished": "2018-01-26T16:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:05.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2165 (GCVE-0-2017-2165)
Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
GroupSession versions 4.6.4 and earlier allows remote authenticated attackers to bypass access restrictions to obtain sensitive information such as emails via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Fails to restrict access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Japan Total System Co.,Ltd. | GroupSession |
Affected:
versions 4.6.4 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98719",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98719"
},
{
"name": "JVN#42164352",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN42164352/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GroupSession",
"vendor": "Japan Total System Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "versions 4.6.4 and earlier"
}
]
}
],
"datePublic": "2017-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GroupSession versions 4.6.4 and earlier allows remote authenticated attackers to bypass access restrictions to obtain sensitive information such as emails via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "98719",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98719"
},
{
"name": "JVN#42164352",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN42164352/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GroupSession",
"version": {
"version_data": [
{
"version_value": "versions 4.6.4 and earlier"
}
]
}
}
]
},
"vendor_name": "Japan Total System Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GroupSession versions 4.6.4 and earlier allows remote authenticated attackers to bypass access restrictions to obtain sensitive information such as emails via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98719",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98719"
},
{
"name": "JVN#42164352",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN42164352/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2165",
"datePublished": "2017-06-09T16:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:03.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20789 (GCVE-0-2021-20789)
Vulnerability from nvd – Published: 2021-07-28 00:45 – Updated: 2024-08-03 17:53
VLAI?
Summary
Open redirect vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack via a specially crafted URL.
Severity ?
No CVSS data available.
CWE
- Open Redirect
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Japan Total System Co.,Ltd. | GroupSession |
Affected:
GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GroupSession",
"vendor": "Japan Total System Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack via a specially crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open Redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-28T00:45:32",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GroupSession",
"version": {
"version_data": [
{
"version_value": "GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0"
}
]
}
}
]
},
"vendor_name": "Japan Total System Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack via a specially crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groupsession.jp/info/info-news/security202107",
"refsource": "MISC",
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"name": "https://jvn.jp/en/jp/JVN86026700/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20789",
"datePublished": "2021-07-28T00:45:32",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20788 (GCVE-0-2021-20788)
Vulnerability from nvd – Published: 2021-07-28 00:45 – Updated: 2024-08-03 17:53
VLAI?
Summary
Server-side request forgery (SSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote authenticated attacker to conduct a port scan from the product and/or obtain information from the internal Web server.
Severity ?
No CVSS data available.
CWE
- Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Japan Total System Co.,Ltd. | GroupSession |
Affected:
GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GroupSession",
"vendor": "Japan Total System Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Server-side request forgery (SSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote authenticated attacker to conduct a port scan from the product and/or obtain information from the internal Web server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-28T00:45:31",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GroupSession",
"version": {
"version_data": [
{
"version_value": "GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0"
}
]
}
}
]
},
"vendor_name": "Japan Total System Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Server-side request forgery (SSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote authenticated attacker to conduct a port scan from the product and/or obtain information from the internal Web server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groupsession.jp/info/info-news/security202107",
"refsource": "MISC",
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"name": "https://jvn.jp/en/jp/JVN86026700/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20788",
"datePublished": "2021-07-28T00:45:31",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20787 (GCVE-0-2021-20787)
Vulnerability from nvd – Published: 2021-07-28 00:45 – Updated: 2024-08-03 17:53
VLAI?
Summary
Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to inject an arbitrary script by sending a specially crafted request to a specific URL.
Severity ?
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Japan Total System Co.,Ltd. | GroupSession |
Affected:
GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GroupSession",
"vendor": "Japan Total System Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to inject an arbitrary script by sending a specially crafted request to a specific URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-28T00:45:29",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GroupSession",
"version": {
"version_data": [
{
"version_value": "GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0"
}
]
}
}
]
},
"vendor_name": "Japan Total System Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to inject an arbitrary script by sending a specially crafted request to a specific URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groupsession.jp/info/info-news/security202107",
"refsource": "MISC",
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"name": "https://jvn.jp/en/jp/JVN86026700/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20787",
"datePublished": "2021-07-28T00:45:29",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20786 (GCVE-0-2021-20786)
Vulnerability from nvd – Published: 2021-07-28 00:45 – Updated: 2024-08-03 17:53
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to hijack the authentication of administrators via a specially crafted URL.
Severity ?
No CVSS data available.
CWE
- Cross-site request forgery
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Japan Total System Co.,Ltd. | GroupSession |
Affected:
GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GroupSession",
"vendor": "Japan Total System Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to hijack the authentication of administrators via a specially crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-28T00:45:27",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GroupSession",
"version": {
"version_data": [
{
"version_value": "GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0"
}
]
}
}
]
},
"vendor_name": "Japan Total System Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to hijack the authentication of administrators via a specially crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groupsession.jp/info/info-news/security202107",
"refsource": "MISC",
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"name": "https://jvn.jp/en/jp/JVN86026700/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20786",
"datePublished": "2021-07-28T00:45:27",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20785 (GCVE-0-2021-20785)
Vulnerability from nvd – Published: 2021-07-28 00:45 – Updated: 2024-08-03 17:53
VLAI?
Summary
Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to inject an arbitrary script by sending a specially crafted request to a specific URL.
Severity ?
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Japan Total System Co.,Ltd. | GroupSession |
Affected:
GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GroupSession",
"vendor": "Japan Total System Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to inject an arbitrary script by sending a specially crafted request to a specific URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-28T00:45:26",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20785",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GroupSession",
"version": {
"version_data": [
{
"version_value": "GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0"
}
]
}
}
]
},
"vendor_name": "Japan Total System Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to inject an arbitrary script by sending a specially crafted request to a specific URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groupsession.jp/info/info-news/security202107",
"refsource": "MISC",
"url": "https://groupsession.jp/info/info-news/security202107"
},
{
"name": "https://jvn.jp/en/jp/JVN86026700/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN86026700/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20785",
"datePublished": "2021-07-28T00:45:26",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2166 (GCVE-0-2017-2166)
Vulnerability from nvd – Published: 2018-01-26 16:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Open Redirect
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Japan Total System Co.,Ltd. | GroupSession |
Affected:
version 4.7.0 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#26200083",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN26200083/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GroupSession",
"vendor": "Japan Total System Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "version 4.7.0 and earlier"
}
]
}
],
"datePublic": "2018-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open Redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-26T15:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#26200083",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN26200083/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GroupSession",
"version": {
"version_data": [
{
"version_value": "version 4.7.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Japan Total System Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#26200083",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN26200083/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2166",
"datePublished": "2018-01-26T16:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:05.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2165 (GCVE-0-2017-2165)
Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
GroupSession versions 4.6.4 and earlier allows remote authenticated attackers to bypass access restrictions to obtain sensitive information such as emails via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Fails to restrict access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Japan Total System Co.,Ltd. | GroupSession |
Affected:
versions 4.6.4 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98719",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98719"
},
{
"name": "JVN#42164352",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN42164352/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GroupSession",
"vendor": "Japan Total System Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "versions 4.6.4 and earlier"
}
]
}
],
"datePublic": "2017-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GroupSession versions 4.6.4 and earlier allows remote authenticated attackers to bypass access restrictions to obtain sensitive information such as emails via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "98719",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98719"
},
{
"name": "JVN#42164352",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN42164352/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GroupSession",
"version": {
"version_data": [
{
"version_value": "versions 4.6.4 and earlier"
}
]
}
}
]
},
"vendor_name": "Japan Total System Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GroupSession versions 4.6.4 and earlier allows remote authenticated attackers to bypass access restrictions to obtain sensitive information such as emails via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98719",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98719"
},
{
"name": "JVN#42164352",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN42164352/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2165",
"datePublished": "2017-06-09T16:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:03.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}