All the vulnerabilites related to Media Fusion Co.,Ltd. - MF Teacher Performance Management System
cve-2024-41930
Vulnerability from cvelistv5
Published
2024-09-27 08:55
Modified
2024-11-04 21:12
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability exists in MF Teacher Performance Management System version 6. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product.
References
| ▼ | URL | Tags |
|---|---|---|
| https://jvn.jp/en/jp/JVN21176842/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Media Fusion Co.,Ltd. | MF Teacher Performance Management System |
Version: version 6 |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-41930",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T16:09:42.758252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T21:12:00.224Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MF Teacher Performance Management System",
"vendor": "Media Fusion Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "version 6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in MF Teacher Performance Management System version 6. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T08:55:36.791Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN21176842/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-41930",
"datePublished": "2024-09-27T08:55:36.791Z",
"dateReserved": "2024-07-30T00:16:06.462Z",
"dateUpdated": "2024-11-04T21:12:00.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
jvndb-2024-000104
Vulnerability from jvndb
Published
2024-09-27 15:00
Modified
2024-10-10 11:14
Severity ?
Summary
MF Teacher Performance Management System vulnerable to cross-site scripting
Details
MF Teacher Performance Management System provided by Media Fusion Co.,Ltd. contains a cross-site scripting vulnerability (CWE-79).
Akira Sumiyoshi, Takuto Matsuhashi, Kei Watanabe, Akio Yamaguchi, Syunji Yazaki and Hideaki Tsuchiya of UEC-CSIRT, The University of Electro-Communications reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN21176842/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2024-41930 | |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000104.html",
"dc:date": "2024-10-10T11:14+09:00",
"dcterms:issued": "2024-09-27T15:00+09:00",
"dcterms:modified": "2024-10-10T11:14+09:00",
"description": "MF Teacher Performance Management System provided by Media Fusion Co.,Ltd. contains a cross-site scripting vulnerability (CWE-79).\r\n\r\nAkira Sumiyoshi, Takuto Matsuhashi, Kei Watanabe, Akio Yamaguchi, Syunji Yazaki and Hideaki Tsuchiya of UEC-CSIRT, The University of Electro-Communications reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000104.html",
"sec:cpe": {
"#text": "cpe:/a:misc:media_fusion_mf_teacher_performance_management_system",
"@product": "MF Teacher Performance Management System",
"@vendor": "Media Fusion Co.,Ltd.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000104",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN21176842/index.html",
"@id": "JVN#21176842",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-41930",
"@id": "CVE-2024-41930",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "MF Teacher Performance Management System vulnerable to cross-site scripting"
}