All the vulnerabilities related to Implem Inc. - Pleasanter
jvndb-2023-000060
Vulnerability from jvndb
Published
2023-06-22 15:49
Modified
2024-05-07 14:10
Summary
Multiple vulnerabilities in Pleasanter
Details
Pleasanter provided by Implem Inc. contains multiple vulnerabilities listed below.

  * Stored cross-site scripting vulnerability (CWE-79) - CVE-2023-32607
  * Directory traversal vulnerability (CWE-22) - CVE-2023-32608

Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to Implem Inc. and Implem Inc. reported them to IPA.
JPCERT/CC and Implem Inc. coordinated under the Information Security Early Warning Partnership.
Impacted products
Implem Inc. Pleasanter


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000060.html",
  "dc:date": "2024-05-07T14:10+09:00",
  "dcterms:issued": "2023-06-22T15:49+09:00",
  "dcterms:modified": "2024-05-07T14:10+09:00",
  "description": "Pleasanter provided by Implem Inc. contains multiple vulnerabilities listed below.\r\n\r\n  * Stored cross-site scripting vulnerability (CWE-79) - CVE-2023-32607\r\n\r\n  * Directory traversal vulnerability (CWE-22) - CVE-2023-32608\r\n\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to Implem Inc. and Implem Inc. reported them to IPA.\r\nJPCERT/CC and Implem Inc. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000060.html",
  "sec:cpe": {
    "#text": "cpe:/a:pleasanter:pleasanter",
    "@product": "Pleasanter",
    "@vendor": "Implem Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2023-000060",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN97818024/",
      "@id": "JVN#97818024",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32607",
      "@id": "CVE-2023-32607",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32608",
      "@id": "CVE-2023-32608",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32607",
      "@id": "CVE-2023-32607",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32608",
      "@id": "CVE-2023-32608",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-22",
      "@title": "Path Traversal(CWE-22)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Multiple vulnerabilities in Pleasanter"
}

jvndb-2023-000112
Vulnerability from jvndb
Published
2023-11-13 15:57
Modified
2024-04-22 17:56
Summary
Multiple vulnerabilities in Pleasanter
Details
Pleasanter provided by Implem Inc. contains multiple vulnerabilities listed below.

  * Stored cross-site scripting vulnerability (CWE-79) - CVE-2023-34439
  * Improper access control vulnerability (CWE-284) - CVE-2023-45210
  * Open redirect vulnerability (CWE-601) - CVE-2023-46688
  * Authentication bypass vulnerability by SAML (CWE-289) - CVE-2023-41890

CVE-2023-41890
This issue is caused by a vulnerability in Sustainsys.Saml2 library used in the product.

CVE-2023-34439, CVE-2023-45210
Sato Nobuhiro of Suzuki Motor Corporation and You Okuma of LAC Co., Ltd. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2023-46688
Yoichi Tsuzuki of FFRI Security, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Implem Inc. reported to IPA that CVE-2023-41890 vulnerability still exists in the product. JPCERT/CC coordinated with the developer.
Impacted products
Implem Inc. Pleasanter


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000112.html",
  "dc:date": "2024-04-22T17:56+09:00",
  "dcterms:issued": "2023-11-13T15:57+09:00",
  "dcterms:modified": "2024-04-22T17:56+09:00",
  "description": "Pleasanter provided by Implem Inc. contains multiple vulnerabilities listed below.\r\n\u003cul\u003e\u003cli\u003eStored cross-site scripting vulnerability (CWE-79) - CVE-2023-34439\u003c/li\u003e\u003cli\u003eImproper access control vulnerability (CWE-284) - CVE-2023-45210\u003c/li\u003e\u003cli\u003eOpen redirect vulnerability (CWE-601) - CVE-2023-46688\u003c/li\u003e\u003cli\u003eAuthentication bypass vulnerability by SAML (CWE-289) - CVE-2023-41890\u003c/li\u003e\u003c/ul\u003e\r\nCVE-2023-41890\r\nThis issue is caused by a vulnerability in Sustainsys.Saml2 library used in the product.\r\n\r\nCVE-2023-34439,CVE-2023-45210\r\nSato Nobuhiro of Suzuki Motor Corporation and You Okuma of LAC Co., Ltd. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-46688\r\nYoichi Tsuzuki of FFRI Security, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nImplem Inc. reported to IPA that CVE-2023-41890 vulnerability still exists in the product. JPCERT/CC coordinated with the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000112.html",
  "sec:cpe": {
    "#text": "cpe:/a:pleasanter:pleasanter",
    "@product": "Pleasanter",
    "@vendor": "Implem Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "5.9",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2023-000112",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN96209256/index.html",
      "@id": "JVN#96209256",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-34439",
      "@id": "CVE-2023-34439",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-45210",
      "@id": "CVE-2023-45210",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-46688",
      "@id": "CVE-2023-46688",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-41890",
      "@id": "CVE-2023-41890",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-34439",
      "@id": "CVE-2023-34439",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-41890",
      "@id": "CVE-2023-41890",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-45210",
      "@id": "CVE-2023-45210",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-46688",
      "@id": "CVE-2023-46688",
      "@source": "NVD"
    },
    {
      "#text": "https://github.com/Sustainsys/Saml2/security/advisories/GHSA-fv2h-753j-9g39",
      "@id": "Insufficient Identity Provider Issuer Validation",
      "@source": "Related Information"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in Pleasanter"
}

jvndb-2024-000003
Vulnerability from jvndb
Published
2024-01-15 15:59
Modified
2024-01-15 15:59
Summary
Pleasanter vulnerable to cross-site scripting
Details
Pleasanter provided by Implem Inc. contains a cross-site scripting vulnerability (CWE-79). Masamitsu Kushi of Operation Group, Communication Technology Department, Digital Innovation HQ at Mitsubishi Heavy Industries, Ltd. reported this vulnerability to Implem Inc. and coordinated. After the coordination was completed, Implem Inc. reported the case to IPA under the Information Security Early Warning Partnership to notify users of the solution through JVN.
Impacted products
Implem Inc. Pleasanter


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000003.html",
  "dc:date": "2024-01-15T15:59+09:00",
  "dcterms:issued": "2024-01-15T15:59+09:00",
  "dcterms:modified": "2024-01-15T15:59+09:00",
  "description": "Pleasanter provided by Implem Inc. contains a cross-site scripting vulnerability (CWE-79).\r\n\r\nMasamitsu Kushi of Operation Group, Communication Technology Department, Digital Innovation HQ at Mitsubishi Heavy Industries, Ltd. reported this vulnerability to Implem Inc. and coordinated. After the coordination was completed, Implem Inc. reported the case to IPA under the Information Security Early Warning Partnership to notify users of the solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000003.html",
  "sec:cpe": {
    "#text": "cpe:/a:pleasanter:pleasanter",
    "@product": "Pleasanter",
    "@vendor": "Implem Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "6.1",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2024-000003",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN51135247/index.html",
      "@id": "JVN#51135247",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-21584",
      "@id": "CVE-2024-21584",
      "@source": "CVE"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Pleasanter vulnerable to cross-site scripting"
}

jvndb-2023-000058
Vulnerability from jvndb
Published
2023-05-31 15:34
Modified
2024-03-19 18:17
Summary
Pleasanter vulnerable to cross-site scripting
Details
Pleasanter provided by Implem Inc. contains a cross-site scripting vulnerability (CWE-79). Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to Implem Inc. and Implem Inc. reported it to IPA. JPCERT/CC and Implem Inc. coordinated under the Information Security Early Warning Partnership.
Impacted products
Implem Inc. Pleasanter


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000058.html",
  "dc:date": "2024-03-19T18:17+09:00",
  "dcterms:issued": "2023-05-31T15:34+09:00",
  "dcterms:modified": "2024-03-19T18:17+09:00",
  "description": "Pleasanter provided by Implem Inc. contains a cross-site scripting vulnerability (CWE-79).\r\n\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to Implem Inc. and Implem Inc. reported it to IPA.\r\nJPCERT/CC and Implem Inc. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000058.html",
  "sec:cpe": {
    "#text": "cpe:/a:pleasanter:pleasanter",
    "@product": "Pleasanter",
    "@vendor": "Implem Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "3.5",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "5.4",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2023-000058",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN62111727/index.html",
      "@id": "JVN#62111727",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-30758",
      "@id": "CVE-2023-30758",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-30758",
      "@id": "CVE-2023-30758",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Pleasanter vulnerable to cross-site scripting"
}

cve-2024-21584
Vulnerability from cvelistv5
Published
2024-03-12 07:25
Modified
2024-08-01 22:27
Summary
Pleasanter 1.3.49.0 and earlier contains a cross-site scripting vulnerability. If an attacker tricks the user into accessing the product with a specially crafted URL and performing a specific operation, an arbitrary script may be executed on the web browser of the user.


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21584",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-12T13:25:35.533706Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:38:11.416Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:27:34.812Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pleasanter.org/archives/vulnerability-update-202401"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN51135247/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Pleasanter ",
          "vendor": "Implem Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "1.3.49.0 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Pleasanter 1.3.49.0 and earlier contains a cross-site scripting vulnerability. If an attacker tricks the user to access the product with a specially crafted URL and perform a specific operation, an arbitrary script may be executed on the web browser of the user.\r\n"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting (XSS)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-12T07:25:44.452Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://pleasanter.org/archives/vulnerability-update-202401"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN51135247/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2024-21584",
    "datePublished": "2024-03-12T07:25:44.452Z",
    "dateReserved": "2023-12-25T05:37:24.738Z",
    "dateUpdated": "2024-08-01T22:27:34.812Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-34439
Vulnerability from cvelistv5
Published
2023-12-06 08:40
Modified
2024-08-02 16:10
Summary
Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:10:07.263Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pleasanter.org/archives/vulnerability-update-202311"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN96209256/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Pleasanter",
          "vendor": "Implem Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "1.3.47.0 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user\u0027s web browser."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting (XSS)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-06T08:40:53.373Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://pleasanter.org/archives/vulnerability-update-202311"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN96209256/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-34439",
    "datePublished": "2023-12-06T08:40:53.373Z",
    "dateReserved": "2023-10-31T01:54:12.452Z",
    "dateUpdated": "2024-08-02T16:10:07.263Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-45210
Vulnerability from cvelistv5
Published
2023-12-06 08:40
Modified
2024-08-02 20:14
Summary
Pleasanter 1.3.47.0 and earlier contains an improper access control vulnerability, which may allow a remote authenticated attacker to view the temporary files uploaded by other users who are not permitted to access.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:14:19.869Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pleasanter.org/archives/vulnerability-update-202311"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN96209256/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Pleasanter",
          "vendor": "Implem Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "1.3.47.0 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Pleasanter 1.3.47.0 and earlier contains an improper access control vulnerability, which may allow a remote authenticated attacker to view the temporary files uploaded by other users who are not permitted to access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper access control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-06T08:40:41.155Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://pleasanter.org/archives/vulnerability-update-202311"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN96209256/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-45210",
    "datePublished": "2023-12-06T08:40:41.155Z",
    "dateReserved": "2023-10-31T01:54:11.551Z",
    "dateUpdated": "2024-08-02T20:14:19.869Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-30758
Vulnerability from cvelistv5
Published
2023-06-01 00:00
Modified
2024-08-02 14:37
Summary
Cross-site scripting vulnerability in Pleasanter 1.3.38.1 and earlier allows a remote authenticated attacker to inject an arbitrary script.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:37:15.215Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pleasanter.org/archives/vulnerability-update-202305"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/Implem/Implem.Pleasanter/issues/474"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN62111727/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Pleasanter",
          "vendor": "Implem Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "1.3.38.1 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in Pleasanter 1.3.38.1 and earlier allows a remote authenticated attacker to inject an arbitrary script."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-01T00:00:00",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://pleasanter.org/archives/vulnerability-update-202305"
        },
        {
          "url": "https://github.com/Implem/Implem.Pleasanter/issues/474"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN62111727/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-30758",
    "datePublished": "2023-06-01T00:00:00",
    "dateReserved": "2023-05-11T00:00:00",
    "dateUpdated": "2024-08-02T14:37:15.215Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-46688
Vulnerability from cvelistv5
Published
2023-12-06 08:40
Modified
2024-08-02 20:53
Summary
Open redirect vulnerability in Pleasanter 1.3.47.0 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:53:20.878Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pleasanter.org/archives/vulnerability-update-202311"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN96209256/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Pleasanter",
          "vendor": "Implem Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "1.3.47.0 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Open redirect vulnerability in Pleasanter 1.3.47.0 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Open Redirect",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-06T08:40:47.953Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://pleasanter.org/archives/vulnerability-update-202311"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN96209256/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-46688",
    "datePublished": "2023-12-06T08:40:47.953Z",
    "dateReserved": "2023-10-31T01:54:10.690Z",
    "dateUpdated": "2024-08-02T20:53:20.878Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}