19 vulnerabilities found for Pleasanter by Implem Inc.
JVNDB-2025-000093
Vulnerability from jvndb - Published: 2025-10-24 15:11 - Updated:2025-10-24 15:11
Summary
Multiple stored cross-site scripting vulnerabilities in Pleasanter
Details
Pleasanter provided by Implem Inc. contains multiple stored cross-site scripting vulnerabilities listed below.
- Stored cross-site scripting vulnerability in Preview for Attachments (CWE-79) - CVE-2025-58070
- Stored cross-site scripting vulnerability in Body, Description and Comments (CWE-79) - CVE-2025-61931
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000093.html",
"dc:date": "2025-10-24T15:11+09:00",
"dcterms:issued": "2025-10-24T15:11+09:00",
"dcterms:modified": "2025-10-24T15:11+09:00",
"description": "Pleasanter provided by Implem Inc. contains multiple stored cross-site scripting vulnerabilities listed below.\r\n\u003cul\u003e\r\n\u003cli\u003eStored cross-site scripting vulnerability in Preview for Attachments (CWE-79) - CVE-2025-58070\u003c/li\u003e\r\n\u003cli\u003eStored cross-site scripting vulnerability in Body, Description and Comments (CWE-79) - CVE-2025-61931\u003c/li\u003e\r\n\u003c/ul\u003e\r\nThe following people reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2025-58070\r\nReporter: Tomoya Shirahashi of X-Force Red, IBM Japan, Ltd.\r\n\r\nCVE-2025-61931\r\nReporter: Kohei Yagyu of Mitsui Bussan Secure Directions, Inc.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000093.html",
"sec:cpe": {
"#text": "cpe:/a:pleasanter:pleasanter",
"@product": "Pleasanter",
"@vendor": "Implem Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000093",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN20611740/index.html",
"@id": "JVN#20611740",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-58070",
"@id": "CVE-2025-58070",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-61931",
"@id": "CVE-2025-61931",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple stored cross-site scripting vulnerabilities in Pleasanter"
}
JVNDB-2024-000003
Vulnerability from jvndb - Published: 2024-01-15 15:59 - Updated:2024-01-15 15:59
Summary
Pleasanter vulnerable to cross-site scripting
Details
Pleasanter provided by Implem Inc. contains a cross-site scripting vulnerability (CWE-79).
Masamitsu Kushi of Operation Group, Communication Technology Department, Digital Innovation HQ at Mitsubishi Heavy Industries, Ltd. reported this vulnerability to Implem Inc. and coordinated. After the coordination was completed, Implem Inc. reported the case to IPA under the Information Security Early Warning Partnership to notify users of the solution through JVN.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000003.html",
"dc:date": "2024-01-15T15:59+09:00",
"dcterms:issued": "2024-01-15T15:59+09:00",
"dcterms:modified": "2024-01-15T15:59+09:00",
"description": "Pleasanter provided by Implem Inc. contains a cross-site scripting vulnerability (CWE-79).\r\n\r\nMasamitsu Kushi of Operation Group, Communication Technology Department, Digital Innovation HQ at Mitsubishi Heavy Industries, Ltd. reported this vulnerability to Implem Inc. and coordinated. After the coordination was completed, Implem Inc. reported the case to IPA under the Information Security Early Warning Partnership to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000003.html",
"sec:cpe": {
"#text": "cpe:/a:pleasanter:pleasanter",
"@product": "Pleasanter",
"@vendor": "Implem Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2024-000003",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN51135247/index.html",
"@id": "JVN#51135247",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-21584",
"@id": "CVE-2024-21584",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Pleasanter vulnerable to cross-site scripting"
}
JVNDB-2023-000112
Vulnerability from jvndb - Published: 2023-11-13 15:57 - Updated:2024-04-22 17:56
Summary
Multiple vulnerabilities in Pleasanter
Details
Pleasanter provided by Implem Inc. contains multiple vulnerabilities listed below.
- Stored cross-site scripting vulnerability (CWE-79) - CVE-2023-34439
- Improper access control vulnerability (CWE-284) - CVE-2023-45210
- Open redirect vulnerability (CWE-601) - CVE-2023-46688
- Authentication bypass vulnerability by SAML (CWE-289) - CVE-2023-41890
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000112.html",
"dc:date": "2024-04-22T17:56+09:00",
"dcterms:issued": "2023-11-13T15:57+09:00",
"dcterms:modified": "2024-04-22T17:56+09:00",
"description": "Pleasanter provided by Implem Inc. contains multiple vulnerabilities listed below.\r\n\u003cul\u003e\u003cli\u003eStored cross-site scripting vulnerability (CWE-79) - CVE-2023-34439\u003c/li\u003e\u003cli\u003eImproper access control vulnerability (CWE-284) - CVE-2023-45210\u003c/li\u003e\u003cli\u003eOpen redirect vulnerability (CWE-601) - CVE-2023-46688\u003c/li\u003e\u003cli\u003eAuthentication bypass vulnerability by SAML (CWE-289) - CVE-2023-41890\u003c/li\u003e\u003c/ul\u003e\r\nCVE-2023-41890\r\nThis issue is caused by a vulnerability in Sustainsys.Saml2 library used in the product.\r\n\r\nCVE-2023-34439,CVE-2023-45210\r\nSato Nobuhiro of Suzuki Motor Corporation and You Okuma of LAC Co., Ltd. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-46688\r\nYoichi Tsuzuki of FFRI Security, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nImplem Inc. reported to IPA that CVE-2023-41890 vulnerability still exists in the product. JPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000112.html",
"sec:cpe": {
"#text": "cpe:/a:pleasanter:pleasanter",
"@product": "Pleasanter",
"@vendor": "Implem Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.9",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000112",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN96209256/index.html",
"@id": "JVN#96209256",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-34439",
"@id": "CVE-2023-34439",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-45210",
"@id": "CVE-2023-45210",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-46688",
"@id": "CVE-2023-46688",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-41890",
"@id": "CVE-2023-41890",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-34439",
"@id": "CVE-2023-34439",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-41890",
"@id": "CVE-2023-41890",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-45210",
"@id": "CVE-2023-45210",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-46688",
"@id": "CVE-2023-46688",
"@source": "NVD"
},
{
"#text": "https://github.com/Sustainsys/Saml2/security/advisories/GHSA-fv2h-753j-9g39",
"@id": "Insufficient Identity Provider Issuer Validation",
"@source": "Related Information"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in Pleasanter"
}
JVNDB-2023-000060
Vulnerability from jvndb - Published: 2023-06-22 15:49 - Updated:2024-05-07 14:10
Summary
Multiple vulnerabilities in Pleasanter
Details
Pleasanter provided by Implem Inc. contains multiple vulnerabilities listed below.
* Stored cross-site scripting vulnerability (CWE-79) - CVE-2023-32607
* Directory traversal vulnerability (CWE-22) - CVE-2023-32608
Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to Implem Inc. and Implem Inc. reported them to IPA.
JPCERT/CC and Implem Inc. coordinated under the Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000060.html",
"dc:date": "2024-05-07T14:10+09:00",
"dcterms:issued": "2023-06-22T15:49+09:00",
"dcterms:modified": "2024-05-07T14:10+09:00",
"description": "Pleasanter provided by Implem Inc. contains multiple vulnerabilities listed below.\r\n\r\n * Stored cross-site scripting vulnerability (CWE-79) - CVE-2023-32607\r\n\r\n * Directory traversal vulnerability (CWE-22) - CVE-2023-32608\r\n\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to Implem Inc. and Implem Inc. reported them to IPA.\r\nJPCERT/CC and Implem Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000060.html",
"sec:cpe": {
"#text": "cpe:/a:pleasanter:pleasanter",
"@product": "Pleasanter",
"@vendor": "Implem Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000060",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN97818024/",
"@id": "JVN#97818024",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32607",
"@id": "CVE-2023-32607",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32608",
"@id": "CVE-2023-32608",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32607",
"@id": "CVE-2023-32607",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32608",
"@id": "CVE-2023-32608",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in Pleasanter"
}
JVNDB-2023-000058
Vulnerability from jvndb - Published: 2023-05-31 15:34 - Updated:2024-03-19 18:17
Summary
Pleasanter vulnerable to cross-site scripting
Details
Pleasanter provided by Implem Inc. contains a cross-site scripting vulnerability (CWE-79).
Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to Implem Inc. and Implem Inc. reported it to IPA.
JPCERT/CC and Implem Inc. coordinated under the Information Security Early Warning Partnership.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000058.html",
"dc:date": "2024-03-19T18:17+09:00",
"dcterms:issued": "2023-05-31T15:34+09:00",
"dcterms:modified": "2024-03-19T18:17+09:00",
"description": "Pleasanter provided by Implem Inc. contains a cross-site scripting vulnerability (CWE-79).\r\n\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to Implem Inc. and Implem Inc. reported it to IPA.\r\nJPCERT/CC and Implem Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000058.html",
"sec:cpe": {
"#text": "cpe:/a:pleasanter:pleasanter",
"@product": "Pleasanter",
"@vendor": "Implem Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000058",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN62111727/index.html",
"@id": "JVN#62111727",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-30758",
"@id": "CVE-2023-30758",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-30758",
"@id": "CVE-2023-30758",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Pleasanter vulnerable to cross-site scripting"
}
CVE-2025-61931 (GCVE-0-2025-61931)
Vulnerability from cvelistv5 – Published: 2025-10-24 05:17 – Updated: 2025-10-24 12:31
Summary
Pleasanter contains a stored cross-site scripting vulnerability in Body, Description and Comments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser.
Severity
5.4 (Medium)
CWE
- CWE-79 - Cross-site scripting (XSS)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Implem Inc. | Pleasanter | Affected: 1.4.20.0 and earlier versions |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61931",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-24T12:10:58.352740Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-24T12:31:22.740Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Pleasanter",
"vendor": "Implem Inc.",
"versions": [
{
"status": "affected",
"version": "1.4.20.0 and earlier versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pleasanter contains a stored cross-site scripting vulnerability in Body, Description and Comments, which allows an attacker to execute an arbitrary script in a logged-in user\u0027s web browser."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-24T05:17:30.940Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://pleasanter.org/archives/vulnerability-update-20251024"
},
{
"url": "https://jvn.jp/en/jp/JVN20611740/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-61931",
"datePublished": "2025-10-24T05:17:30.940Z",
"dateReserved": "2025-10-20T00:08:20.153Z",
"dateUpdated": "2025-10-24T12:31:22.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58070 (GCVE-0-2025-58070)
Vulnerability from cvelistv5 – Published: 2025-10-24 05:17 – Updated: 2025-10-24 12:31
Summary
Pleasanter contains a stored cross-site scripting vulnerability in Preview for Attachments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser.
Severity
6.1 (Medium)
CWE
- CWE-79 - Cross-site scripting (XSS)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Implem Inc. | Pleasanter | Affected: 1.4.20.0 and earlier versions |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58070",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-24T12:10:59.789763Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-24T12:31:28.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Pleasanter",
"vendor": "Implem Inc.",
"versions": [
{
"status": "affected",
"version": "1.4.20.0 and earlier versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pleasanter contains a stored cross-site scripting vulnerability in Preview for Attachments, which allows an attacker to execute an arbitrary script in a logged-in user\u0027s web browser."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-24T05:17:23.369Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://pleasanter.org/archives/vulnerability-update-20251024"
},
{
"url": "https://jvn.jp/en/jp/JVN20611740/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-58070",
"datePublished": "2025-10-24T05:17:23.369Z",
"dateReserved": "2025-10-20T00:08:22.870Z",
"dateUpdated": "2025-10-24T12:31:28.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21584 (GCVE-0-2024-21584)
Vulnerability from cvelistv5 – Published: 2024-03-12 07:25 – Updated: 2025-03-13 16:09
Summary
Pleasanter 1.3.49.0 and earlier contains a cross-site scripting vulnerability. If an attacker tricks the user to access the product with a specially crafted URL and perform a specific operation, an arbitrary script may be executed on the web browser of the user.
Severity
6.1 (Medium)
CWE
- Cross-site scripting (XSS)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Implem Inc. | Pleasanter | Affected: 1.3.49.0 and earlier |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-21584",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-12T13:25:35.533706Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T16:09:31.719Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:34.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://pleasanter.org/archives/vulnerability-update-202401"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN51135247/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pleasanter ",
"vendor": "Implem Inc.",
"versions": [
{
"status": "affected",
"version": "1.3.49.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pleasanter 1.3.49.0 and earlier contains a cross-site scripting vulnerability. If an attacker tricks the user to access the product with a specially crafted URL and perform a specific operation, an arbitrary script may be executed on the web browser of the user.\r\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-12T07:25:44.452Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://pleasanter.org/archives/vulnerability-update-202401"
},
{
"url": "https://jvn.jp/en/jp/JVN51135247/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-21584",
"datePublished": "2024-03-12T07:25:44.452Z",
"dateReserved": "2023-12-25T05:37:24.738Z",
"dateUpdated": "2025-03-13T16:09:31.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34439 (GCVE-0-2023-34439)
Vulnerability from cvelistv5 – Published: 2023-12-06 08:40 – Updated: 2024-08-02 16:10
Summary
Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser.
Severity
No CVSS data available.
CWE
- Cross-site scripting (XSS)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Implem Inc. | Pleasanter | Affected: 1.3.47.0 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:07.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://pleasanter.org/archives/vulnerability-update-202311"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN96209256/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pleasanter",
"vendor": "Implem Inc.",
"versions": [
{
"status": "affected",
"version": "1.3.47.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user\u0027s web browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-06T08:40:53.373Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://pleasanter.org/archives/vulnerability-update-202311"
},
{
"url": "https://jvn.jp/en/jp/JVN96209256/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-34439",
"datePublished": "2023-12-06T08:40:53.373Z",
"dateReserved": "2023-10-31T01:54:12.452Z",
"dateUpdated": "2024-08-02T16:10:07.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46688 (GCVE-0-2023-46688)
Vulnerability from cvelistv5 – Published: 2023-12-06 08:40 – Updated: 2024-08-02 20:53
Summary
Open redirect vulnerability in Pleasanter 1.3.47.0 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL.
Severity
No CVSS data available.
CWE
- Open Redirect
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Implem Inc. | Pleasanter | Affected: 1.3.47.0 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:20.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://pleasanter.org/archives/vulnerability-update-202311"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN96209256/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pleasanter",
"vendor": "Implem Inc.",
"versions": [
{
"status": "affected",
"version": "1.3.47.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Pleasanter 1.3.47.0 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open Redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-06T08:40:47.953Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://pleasanter.org/archives/vulnerability-update-202311"
},
{
"url": "https://jvn.jp/en/jp/JVN96209256/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-46688",
"datePublished": "2023-12-06T08:40:47.953Z",
"dateReserved": "2023-10-31T01:54:10.690Z",
"dateUpdated": "2024-08-02T20:53:20.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45210 (GCVE-0-2023-45210)
Vulnerability from cvelistv5 – Published: 2023-12-06 08:40 – Updated: 2025-05-28 15:49
Summary
Pleasanter 1.3.47.0 and earlier contains an improper access control vulnerability, which may allow a remote authenticated attacker to view the temporary files uploaded by other users who are not permitted to access.
Severity
4.3 (Medium)
CWE
- Improper access control
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Implem Inc. | Pleasanter | Affected: 1.3.47.0 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.869Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://pleasanter.org/archives/vulnerability-update-202311"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN96209256/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-45210",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T15:48:33.200555Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T15:49:58.291Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Pleasanter",
"vendor": "Implem Inc.",
"versions": [
{
"status": "affected",
"version": "1.3.47.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pleasanter 1.3.47.0 and earlier contains an improper access control vulnerability, which may allow a remote authenticated attacker to view the temporary files uploaded by other users who are not permitted to access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper access control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-06T08:40:41.155Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://pleasanter.org/archives/vulnerability-update-202311"
},
{
"url": "https://jvn.jp/en/jp/JVN96209256/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-45210",
"datePublished": "2023-12-06T08:40:41.155Z",
"dateReserved": "2023-10-31T01:54:11.551Z",
"dateUpdated": "2025-05-28T15:49:58.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30758 (GCVE-0-2023-30758)
Vulnerability from cvelistv5 – Published: 2023-06-01 00:00 – Updated: 2025-01-09 17:53
Summary
Cross-site scripting vulnerability in Pleasanter 1.3.38.1 and earlier allows a remote authenticated attacker to inject an arbitrary script.
Severity
5.4 (Medium)
CWE
- Cross-site scripting
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Implem Inc. | Pleasanter | Affected: 1.3.38.1 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://pleasanter.org/archives/vulnerability-update-202305"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Implem/Implem.Pleasanter/issues/474"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN62111727/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-30758",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-09T17:53:19.338240Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T17:53:24.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Pleasanter",
"vendor": "Implem Inc.",
"versions": [
{
"status": "affected",
"version": "1.3.38.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Pleasanter 1.3.38.1 and earlier allows a remote authenticated attacker to inject an arbitrary script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-01T00:00:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://pleasanter.org/archives/vulnerability-update-202305"
},
{
"url": "https://github.com/Implem/Implem.Pleasanter/issues/474"
},
{
"url": "https://jvn.jp/en/jp/JVN62111727/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-30758",
"datePublished": "2023-06-01T00:00:00",
"dateReserved": "2023-05-11T00:00:00",
"dateUpdated": "2025-01-09T17:53:24.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-61931 (GCVE-0-2025-61931)
Vulnerability from nvd – Published: 2025-10-24 05:17 – Updated: 2025-10-24 12:31
Summary
Pleasanter contains a stored cross-site scripting vulnerability in Body, Description and Comments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser.
Severity
5.4 (Medium)
CWE
- CWE-79 - Cross-site scripting (XSS)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Implem Inc. | Pleasanter | Affected: 1.4.20.0 and earlier versions |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61931",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-24T12:10:58.352740Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-24T12:31:22.740Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Pleasanter",
"vendor": "Implem Inc.",
"versions": [
{
"status": "affected",
"version": "1.4.20.0 and earlier versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pleasanter contains a stored cross-site scripting vulnerability in Body, Description and Comments, which allows an attacker to execute an arbitrary script in a logged-in user\u0027s web browser."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-24T05:17:30.940Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://pleasanter.org/archives/vulnerability-update-20251024"
},
{
"url": "https://jvn.jp/en/jp/JVN20611740/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-61931",
"datePublished": "2025-10-24T05:17:30.940Z",
"dateReserved": "2025-10-20T00:08:20.153Z",
"dateUpdated": "2025-10-24T12:31:22.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58070 (GCVE-0-2025-58070)
Vulnerability from nvd – Published: 2025-10-24 05:17 – Updated: 2025-10-24 12:31
Summary
Pleasanter contains a stored cross-site scripting vulnerability in Preview for Attachments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser.
Severity
6.1 (Medium)
CWE
- CWE-79 - Cross-site scripting (XSS)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Implem Inc. | Pleasanter | Affected: 1.4.20.0 and earlier versions |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58070",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-24T12:10:59.789763Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-24T12:31:28.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Pleasanter",
"vendor": "Implem Inc.",
"versions": [
{
"status": "affected",
"version": "1.4.20.0 and earlier versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pleasanter contains a stored cross-site scripting vulnerability in Preview for Attachments, which allows an attacker to execute an arbitrary script in a logged-in user\u0027s web browser."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-24T05:17:23.369Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://pleasanter.org/archives/vulnerability-update-20251024"
},
{
"url": "https://jvn.jp/en/jp/JVN20611740/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-58070",
"datePublished": "2025-10-24T05:17:23.369Z",
"dateReserved": "2025-10-20T00:08:22.870Z",
"dateUpdated": "2025-10-24T12:31:28.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21584 (GCVE-0-2024-21584)
Vulnerability from nvd – Published: 2024-03-12 07:25 – Updated: 2025-03-13 16:09
Summary
Pleasanter 1.3.49.0 and earlier contains a cross-site scripting vulnerability. If an attacker tricks the user to access the product with a specially crafted URL and perform a specific operation, an arbitrary script may be executed on the web browser of the user.
Severity
6.1 (Medium)
CWE
- Cross-site scripting (XSS)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Implem Inc. | Pleasanter | Affected: 1.3.49.0 and earlier |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-21584",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-12T13:25:35.533706Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T16:09:31.719Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:34.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://pleasanter.org/archives/vulnerability-update-202401"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN51135247/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pleasanter ",
"vendor": "Implem Inc.",
"versions": [
{
"status": "affected",
"version": "1.3.49.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pleasanter 1.3.49.0 and earlier contains a cross-site scripting vulnerability. If an attacker tricks the user to access the product with a specially crafted URL and perform a specific operation, an arbitrary script may be executed on the web browser of the user.\r\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-12T07:25:44.452Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://pleasanter.org/archives/vulnerability-update-202401"
},
{
"url": "https://jvn.jp/en/jp/JVN51135247/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-21584",
"datePublished": "2024-03-12T07:25:44.452Z",
"dateReserved": "2023-12-25T05:37:24.738Z",
"dateUpdated": "2025-03-13T16:09:31.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34439 (GCVE-0-2023-34439)
Vulnerability from nvd – Published: 2023-12-06 08:40 – Updated: 2024-08-02 16:10
Summary
Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser.
Severity
No CVSS data available.
CWE
- Cross-site scripting (XSS)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Implem Inc. | Pleasanter | Affected: 1.3.47.0 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:07.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://pleasanter.org/archives/vulnerability-update-202311"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN96209256/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pleasanter",
"vendor": "Implem Inc.",
"versions": [
{
"status": "affected",
"version": "1.3.47.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user\u0027s web browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-06T08:40:53.373Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://pleasanter.org/archives/vulnerability-update-202311"
},
{
"url": "https://jvn.jp/en/jp/JVN96209256/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-34439",
"datePublished": "2023-12-06T08:40:53.373Z",
"dateReserved": "2023-10-31T01:54:12.452Z",
"dateUpdated": "2024-08-02T16:10:07.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46688 (GCVE-0-2023-46688)
Vulnerability from nvd – Published: 2023-12-06 08:40 – Updated: 2024-08-02 20:53
Summary
Open redirect vulnerability in Pleasanter 1.3.47.0 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL.
Severity
No CVSS data available.
CWE
- Open Redirect
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Implem Inc. | Pleasanter | Affected: 1.3.47.0 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:20.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://pleasanter.org/archives/vulnerability-update-202311"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN96209256/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pleasanter",
"vendor": "Implem Inc.",
"versions": [
{
"status": "affected",
"version": "1.3.47.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Pleasanter 1.3.47.0 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open Redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-06T08:40:47.953Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://pleasanter.org/archives/vulnerability-update-202311"
},
{
"url": "https://jvn.jp/en/jp/JVN96209256/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-46688",
"datePublished": "2023-12-06T08:40:47.953Z",
"dateReserved": "2023-10-31T01:54:10.690Z",
"dateUpdated": "2024-08-02T20:53:20.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45210 (GCVE-0-2023-45210)
Vulnerability from nvd – Published: 2023-12-06 08:40 – Updated: 2025-05-28 15:49
Summary
Pleasanter 1.3.47.0 and earlier contains an improper access control vulnerability, which may allow a remote authenticated attacker to view the temporary files uploaded by other users who are not permitted to access.
Severity
4.3 (Medium)
CWE
- Improper access control
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Implem Inc. | Pleasanter | Affected: 1.3.47.0 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.869Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://pleasanter.org/archives/vulnerability-update-202311"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN96209256/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-45210",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T15:48:33.200555Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T15:49:58.291Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Pleasanter",
"vendor": "Implem Inc.",
"versions": [
{
"status": "affected",
"version": "1.3.47.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pleasanter 1.3.47.0 and earlier contains an improper access control vulnerability, which may allow a remote authenticated attacker to view the temporary files uploaded by other users who are not permitted to access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper access control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-06T08:40:41.155Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://pleasanter.org/archives/vulnerability-update-202311"
},
{
"url": "https://jvn.jp/en/jp/JVN96209256/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-45210",
"datePublished": "2023-12-06T08:40:41.155Z",
"dateReserved": "2023-10-31T01:54:11.551Z",
"dateUpdated": "2025-05-28T15:49:58.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30758 (GCVE-0-2023-30758)
Vulnerability from nvd – Published: 2023-06-01 00:00 – Updated: 2025-01-09 17:53
Summary
Cross-site scripting vulnerability in Pleasanter 1.3.38.1 and earlier allows a remote authenticated attacker to inject an arbitrary script.
Severity
5.4 (Medium)
CWE
- Cross-site scripting
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Implem Inc. | Pleasanter | Affected: 1.3.38.1 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://pleasanter.org/archives/vulnerability-update-202305"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Implem/Implem.Pleasanter/issues/474"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN62111727/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-30758",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-09T17:53:19.338240Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T17:53:24.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Pleasanter",
"vendor": "Implem Inc.",
"versions": [
{
"status": "affected",
"version": "1.3.38.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Pleasanter 1.3.38.1 and earlier allows a remote authenticated attacker to inject an arbitrary script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-01T00:00:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://pleasanter.org/archives/vulnerability-update-202305"
},
{
"url": "https://github.com/Implem/Implem.Pleasanter/issues/474"
},
{
"url": "https://jvn.jp/en/jp/JVN62111727/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-30758",
"datePublished": "2023-06-01T00:00:00",
"dateReserved": "2023-05-11T00:00:00",
"dateUpdated": "2025-01-09T17:53:24.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}