All the vulnerabilities related to Japan System Techniques Co., Ltd. - UNIVERSAL PASSPORT RX
cve-2023-51436
Vulnerability from cvelistv5
Published
2024-06-03 03:45
Modified
2024-08-15 15:16
Summary
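Cross-site scripting vulnerability exists in UNIVERSAL PASSPORT RX versions 1.0.0 to 1.0.8, which may allow a remote authenticated attacker with an administrative privilege to execute an arbitrary script on the web browser of the user who is using the product. Note that the CISA ADP enrichment in the record below scores this issue with a local attack vector and no privileges or user interaction required (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and lists the affected-version status as "unknown", which does not match this description of a remote, authenticated administrative attacker; when triaging, check the preconditions against the CNA description and the JVN advisory rather than relying on that vector alone.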
Impacted products


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:32:09.455Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.jast-gakuen.com/products/unipa/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN43215077/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:japan_system_techniques:universal_passport_rx:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "universal_passport_rx",
            "vendor": "japan_system_techniques",
            "versions": [
              {
                "lessThanOrEqual": "1.0.8",
                "status": "unknown",
                "version": "1.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "LOW",
              "baseScore": 5.9,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-51436",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-04T19:44:04.953743Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-15T15:16:45.674Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "UNIVERSAL PASSPORT RX",
          "vendor": "Japan System Techniques Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.0 to 1.0.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability exists in UNIVERSAL PASSPORT RX versions 1.0.0 to 1.0.8, which may allow a remote authenticated attacker with an administrative privilege to execute an arbitrary script on the web browser of the user who is using the product. "
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting (XSS)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-03T03:45:17.921Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.jast-gakuen.com/products/unipa/"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN43215077/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-51436",
    "datePublished": "2024-06-03T03:45:17.921Z",
    "dateReserved": "2023-12-19T01:51:55.989Z",
    "dateUpdated": "2024-08-15T15:16:45.674Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-42427
Vulnerability from cvelistv5
Published
2024-06-03 03:44
Modified
2024-08-02 19:16
Summary
Cross-site scripting vulnerability exists in UNIVERSAL PASSPORT RX versions 1.0.0 to 1.0.7, which may allow a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is using the product.
Impacted products


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:japan_system_techniques:universal_passport_rx:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "universal_passport_rx",
            "vendor": "japan_system_techniques",
            "versions": [
              {
                "lessThanOrEqual": "1.0.7",
                "status": "affected",
                "version": "1.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-42427",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-03T18:06:11.605847Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:25:06.871Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:16:51.029Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.jast-gakuen.com/products/unipa/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN43215077/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "UNIVERSAL PASSPORT RX",
          "vendor": "Japan System Techniques Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.0 to 1.0.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability exists in UNIVERSAL PASSPORT RX versions 1.0.0 to 1.0.7, which may allow a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is using the product."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting (XSS)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-03T03:44:54.434Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.jast-gakuen.com/products/unipa/"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN43215077/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-42427",
    "datePublished": "2024-06-03T03:44:54.434Z",
    "dateReserved": "2023-09-08T05:05:58.916Z",
    "dateUpdated": "2024-08-02T19:16:51.029Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

jvndb-2024-000057
Vulnerability from jvndb
Published
2024-06-03 15:32
Modified
2024-06-03 15:32
Severity ?
Summary
Multiple vulnerabilities in UNIVERSAL PASSPORT RX
Details
UNIVERSAL PASSPORT RX provided by Japan System Techniques Co., Ltd. contains multiple vulnerabilities listed below.
- Cross-site scripting (CWE-79) - CVE-2023-42427
- Dependency on vulnerable third-party component (CWE-1395): known vulnerability in Primefaces library used in the product
- Cross-site scripting (CWE-79) - CVE-2023-51436

CVE-2023-42427: Japan System Techniques Co., Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Japan System Techniques Co., Ltd. coordinated under the Information Security Early Warning Partnership.

Known vulnerability in Primefaces library: Morita Keiichi and Watanabe Kosuke of Tokyo Denki University reported to Japan System Techniques Co., Ltd. that this vulnerability still exists in the product and coordinated. Japan System Techniques Co., Ltd. and JPCERT/CC published respective advisories in order to notify users of this vulnerability.

CVE-2023-51436: MATSUMOTO Yuuki of Tokyo University of Information Sciences reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000057.html",
  "dc:date": "2024-06-03T15:32+09:00",
  "dcterms:issued": "2024-06-03T15:32+09:00",
  "dcterms:modified": "2024-06-03T15:32+09:00",
  "description": "UNIVERSAL PASSPORT RX provided by Japan System Techniques Co., Ltd. contains multiple vulnerabilities listed below.\r\n\r\n\u003cul\u003e\u003cli\u003eCross-site scripting (CWE-79) - CVE-2023-42427\u003c/li\u003e\r\n\u003cli\u003eDependency on vulnerable third-party component (CWE-1395)\u003cbr /\u003e\r\nKnown vulnerability in Primefaces library used in the product\u003c/li\u003e\r\n\u003cli\u003eCross-site scripting (CWE-79) - CVE-2023-51436\u003c/li\u003e\u003c/ul\u003e\r\n\r\nCVE-2023-42427\r\nJapan System Techniques Co., Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Japan System Techniques Co., Ltd. coordinated under the Information Security Early Warning Partnership.\r\n\r\nKnown vulnerability in Primefaces library\r\nMorita Keiichi and Watanabe Kosuke of Tokyo Denki University reported to Japan System Techniques Co., Ltd. that this vulnerability still exists in the product and coordinated. Japan System Techniques Co., Ltd. and JPCERT/CC published respective advisories in order to notify users of this vulnerability.\r\n\r\nCVE-2023-51436\r\nMATSUMOTO Yuuki of Tokyo University of Information Sciences reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000057.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:misc:japan_system_techniques_universal_passport_rx",
      "@product": "UNIVERSAL PASSPORT RX",
      "@vendor": "Japan System Techniques Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:misc:japan_system_techniques_universal_passport_rx",
      "@product": "UNIVERSAL PASSPORT RX",
      "@vendor": "Japan System Techniques Co., Ltd.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "5.4",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2024-000057",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN43215077/index.html",
      "@id": "JVN#43215077",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-42427",
      "@id": "CVE-2023-42427",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-51436",
      "@id": "CVE-2023-51436",
      "@source": "CVE"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in UNIVERSAL PASSPORT RX"
}