Search criteria
52 vulnerabilities found for a-blog cms by appleple inc.
CVE-2025-27566 (GCVE-0-2025-27566)
Vulnerability from cvelistv5 – Published: 2025-05-19 08:09 – Updated: 2025-05-19 14:42
VLAI?
Summary
Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This is an issue with insufficient path validation in the backup feature, and exploitation requires the administrator privilege. If this vulnerability is exploited, a remote authenticated attacker with the administrator privilege may obtain or delete any file on the server.
Severity ?
CWE
- CWE-22 - Improper limitation of a pathname to a restricted directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| appleple inc. | a-blog cms |
Affected:
prior to Ver. 3.1.43 (Ver. 3.1.x series)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27566",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T14:42:37.649183Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T14:42:50.286Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver. 3.1.43 (Ver. 3.1.x series)"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver. 3.0.47 (Ver. 3.0.x series)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This is an issue with insufficient path validation in the backup feature, and exploitation requires the administrator privilege. If this vulnerability is exploited, a remote authenticated attacker with the administrator privilege may obtain or delete any file on the server."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T08:09:26.427Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVNVU-90760614.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU90760614/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-27566",
"datePublished": "2025-05-19T08:09:26.427Z",
"dateReserved": "2025-05-12T23:37:57.129Z",
"dateUpdated": "2025-05-19T14:42:50.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32999 (GCVE-0-2025-32999)
Vulnerability from cvelistv5 – Published: 2025-05-19 08:08 – Updated: 2025-05-19 15:28
VLAI?
Summary
Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This issue exists in a specific field in the entry editing screen, and exploitation requires contributor or higher level privileges. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| appleple inc. | a-blog cms |
Affected:
prior to Ver. 3.1.43 (Ver. 3.1.x series)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32999",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T15:28:29.608680Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T15:28:40.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver. 3.1.43 (Ver. 3.1.x series)"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver. 3.0.47 (Ver. 3.0.x series)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This issue exists in a specific field in the entry editing screen, and exploitation requires contributor or higher level privileges. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T08:08:51.815Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVNVU-90760614.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU90760614/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-32999",
"datePublished": "2025-05-19T08:08:51.815Z",
"dateReserved": "2025-05-12T23:37:56.186Z",
"dateUpdated": "2025-05-19T15:28:40.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36560 (GCVE-0-2025-36560)
Vulnerability from cvelistv5 – Published: 2025-05-19 08:08 – Updated: 2025-05-19 15:45
VLAI?
Summary
Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this vulnerability is exploited, a remote unauthenticated attacker may gain access to sensitive information by sending a specially crafted request.
Severity ?
8.6 (High)
CWE
- CWE-918 - Server-side request forgery (SSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| appleple inc. | a-blog cms |
Affected:
Ver. 2.8.85 and earlier (Ver. 2.8.x series)
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36560",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T15:45:12.728197Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T15:45:37.691Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver. 2.8.85 and earlier (Ver. 2.8.x series)"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver. 3.1.43 and earlier (Ver. 3.1.x series)"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver. 3.0.47 and earlier (Ver. 3.0.x series)"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver. 2.11.75 and earlier (Ver. 2.11.x series)"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver. 2.10.63 and earlier (Ver. 2.10.x series)"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver. 2.9.52 and earlier (Ver. 2.9.x series)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this vulnerability is exploited, a remote unauthenticated attacker may gain access to sensitive information by sending a specially crafted request."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-side request forgery (SSRF)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T08:08:00.732Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVNVU-90760614.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU90760614/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-36560",
"datePublished": "2025-05-19T08:08:00.732Z",
"dateReserved": "2025-05-12T23:37:55.230Z",
"dateUpdated": "2025-05-19T15:45:37.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41429 (GCVE-0-2025-41429)
Vulnerability from cvelistv5 – Published: 2025-05-19 08:07 – Updated: 2025-05-19 15:46
VLAI?
Summary
a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remote unauthenticated attacker may hijack a legitimate user's session.
Severity ?
CWE
- CWE-117 - Improper output neutralization for logs
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| appleple inc. | a-blog cms |
Affected:
Ver. 2.8.85 and earlier (Ver. 2.8.x series)
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41429",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T15:46:16.181139Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T15:46:29.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver. 2.8.85 and earlier (Ver. 2.8.x series)"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver. 3.1.43 and earlier (Ver. 3.1.x series)"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver. 3.0.47 and earlier (Ver. 3.0.x series)"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver. 2.11.75 and earlier (Ver. 2.11.x series)"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver. 2.10.63 and earlier (Ver. 2.10.x series)"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver. 2.9.52 and earlier (Ver. 2.9.x series)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remote unauthenticated attacker may hijack a legitimate user\u0027s session."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 2.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-117",
"description": "Improper output neutralization for logs",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T08:07:38.068Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVNVU-90760614.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU90760614/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-41429",
"datePublished": "2025-05-19T08:07:38.068Z",
"dateReserved": "2025-05-12T23:37:54.373Z",
"dateUpdated": "2025-05-19T15:46:29.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31395 (GCVE-0-2024-31395)
Vulnerability from cvelistv5 – Published: 2024-05-22 04:35 – Updated: 2024-10-31 14:53
VLAI?
Summary
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with an editor or higher privilege who can log in to the product may execute an arbitrary script on the web browser of the user who accessed the schedule management page.
Severity ?
6.1 (Medium)
CWE
- Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| appleple inc. | a-blog cms Ver.3.1.x series |
Affected:
prior to Ver.3.1.12
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-31395",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T14:24:22.284116Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T14:53:49.233Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.a-blogcms.jp/blog/news/JVN-70977403.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN70977403/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms Ver.3.1.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.1.12"
}
]
},
{
"product": "a-blog cms Ver.3.0.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.0.32"
}
]
},
{
"product": "a-blog cms Ver.2.11.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.11.61"
}
]
},
{
"product": "a-blog cms Ver.2.10.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.10.53"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.2.9 and earlier "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with an editor or higher privilege who can log in to the product may execute an arbitrary script on the web browser of the user who accessed the schedule management page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-22T04:35:37.216Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVN-70977403.html"
},
{
"url": "https://jvn.jp/en/jp/JVN70977403/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-31395",
"datePublished": "2024-05-22T04:35:37.216Z",
"dateReserved": "2024-04-03T02:24:22.988Z",
"dateUpdated": "2024-10-31T14:53:49.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31394 (GCVE-0-2024-31394)
Vulnerability from cvelistv5 – Published: 2024-05-22 04:35 – Updated: 2025-03-27 15:03
VLAI?
Summary
Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with an editor or higher privilege who can log in to the product may obtain arbitrary files on the server.
Severity ?
6.5 (Medium)
CWE
- Directory traversal
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| appleple inc. | a-blog cms Ver.3.1.x series |
Affected:
prior to Ver.3.1.12
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-31394",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T17:10:48.613952Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T15:03:43.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.a-blogcms.jp/blog/news/JVN-70977403.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN70977403/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms Ver.3.1.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.1.12"
}
]
},
{
"product": "a-blog cms Ver.3.0.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.0.32"
}
]
},
{
"product": "a-blog cms Ver.2.11.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.11.61"
}
]
},
{
"product": "a-blog cms Ver.2.10.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.10.53"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.2.9 and earlier "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with an editor or higher privilege who can log in to the product may obtain arbitrary files on the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-22T04:35:31.768Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVN-70977403.html"
},
{
"url": "https://jvn.jp/en/jp/JVN70977403/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-31394",
"datePublished": "2024-05-22T04:35:31.768Z",
"dateReserved": "2024-04-03T02:24:22.988Z",
"dateUpdated": "2025-03-27T15:03:43.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30419 (GCVE-0-2024-30419)
Vulnerability from cvelistv5 – Published: 2024-05-22 04:35 – Updated: 2024-08-02 01:32
VLAI?
Summary
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with a contributor or higher privilege who can log in to the product may execute an arbitrary script on the web browser of the user who accessed the website using the product.
Severity ?
5.4 (Medium)
CWE
- Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| appleple inc. | a-blog cms Ver.3.1.x series |
Affected:
prior to Ver.3.1.12
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "a-blog_cms",
"vendor": "appleple",
"versions": [
{
"lessThan": "3.1.12",
"status": "affected",
"version": "3.1.0",
"versionType": "custom"
},
{
"lessThan": "3.0.32",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
},
{
"lessThan": "2.11.61",
"status": "affected",
"version": "2.11.0",
"versionType": "custom"
},
{
"lessThan": "2.10.53",
"status": "affected",
"version": "2.10.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-30419",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T14:36:51.156737Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T16:16:04.625Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:32:07.430Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.a-blogcms.jp/blog/news/JVN-70977403.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN70977403/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms Ver.3.1.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.1.12"
}
]
},
{
"product": "a-blog cms Ver.3.0.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.0.32"
}
]
},
{
"product": "a-blog cms Ver.2.11.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.11.61"
}
]
},
{
"product": "a-blog cms Ver.2.10.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.10.53"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.2.9 and earlier "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with a contributor or higher privilege who can log in to the product may execute an arbitrary script on the web browser of the user who accessed the website using the product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-22T04:35:09.652Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVN-70977403.html"
},
{
"url": "https://jvn.jp/en/jp/JVN70977403/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-30419",
"datePublished": "2024-05-22T04:35:09.652Z",
"dateReserved": "2024-03-27T03:59:36.078Z",
"dateUpdated": "2024-08-02T01:32:07.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27279 (GCVE-0-2024-27279)
Vulnerability from cvelistv5 – Published: 2024-03-12 08:19 – Updated: 2024-10-31 18:12
VLAI?
Summary
Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with editor or higher privilege who can login to the product may obtain arbitrary files on the server including password files.
Severity ?
6.5 (Medium)
CWE
- Directory traversal
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| appleple inc. | a-blog cms Ver.3.1.x series |
Affected:
Ver.3.1.9 and earlier
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.741Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.a-blogcms.jp/blog/news/JVN-48443978.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN48443978/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27279",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-12T20:11:57.193866Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T18:12:32.261Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms Ver.3.1.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.3.1.9 and earlier"
}
]
},
{
"product": "a-blog cms Ver.3.0.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.3.0.30 and earlier"
}
]
},
{
"product": "a-blog cms Ver.2.11.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.2.11.59 and earlier"
}
]
},
{
"product": "a-blog cms Ver.2.10.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.2.10.51 and earlier"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.2.9 and earlier "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with editor or higher privilege who can login to the product may obtain arbitrary files on the server including password files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-12T08:19:48.705Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVN-48443978.html"
},
{
"url": "https://jvn.jp/en/jp/JVN48443978/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-27279",
"datePublished": "2024-03-12T08:19:48.705Z",
"dateReserved": "2024-02-22T02:26:33.074Z",
"dateUpdated": "2024-10-31T18:12:32.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25559 (GCVE-0-2024-25559)
Vulnerability from cvelistv5 – Published: 2024-02-15 04:32 – Updated: 2024-11-01 20:52
VLAI?
Summary
URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log.
Severity ?
4.7 (Medium)
CWE
- User Interface (UI) Misrepresentation of Critical Information
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| appleple inc. | a-blog cms |
Affected:
Ver.3.1.0 to Ver.3.1.8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:44:09.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.a-blogcms.jp/blog/news/JVN-48966481.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN48966481/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-25559",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T15:40:13.733974Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T20:52:44.326Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.3.1.0 to Ver.3.1.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-15T04:32:37.608Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVN-48966481.html"
},
{
"url": "https://jvn.jp/en/jp/JVN48966481/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-25559",
"datePublished": "2024-02-15T04:32:37.608Z",
"dateReserved": "2024-02-08T01:35:27.596Z",
"dateUpdated": "2024-11-01T20:52:44.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23782 (GCVE-0-2024-23782)
Vulnerability from cvelistv5 – Published: 2024-01-28 23:09 – Updated: 2025-06-02 19:47
VLAI?
Summary
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier versions. If this vulnerability is exploited, a user with a contributor or higher privilege may execute an arbitrary script on the web browser of the user who accessed the website using the product.
Severity ?
5.4 (Medium)
CWE
- Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| appleple inc. | a-blog cms Ver.3.1.x series |
Affected:
prior to Ver.3.1.7
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:08.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN34565930/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23782",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-29T16:03:01.341879Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T19:47:56.058Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms Ver.3.1.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.1.7"
}
]
},
{
"product": "a-blog cms Ver.3.0.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.0.29"
}
]
},
{
"product": "a-blog cms Ver.2.11.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.11.58"
}
]
},
{
"product": "a-blog cms Ver.2.10.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.10.50"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.2.9.0 and earlier "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier versions. If this vulnerability is exploited, a user with a contributor or higher privilege may execute an arbitrary script on the web browser of the user who accessed the website using the product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-28T23:09:13.092Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html"
},
{
"url": "https://jvn.jp/en/jp/JVN34565930/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23782",
"datePublished": "2024-01-28T23:09:13.092Z",
"dateReserved": "2024-01-22T07:59:48.826Z",
"dateUpdated": "2025-06-02T19:47:56.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23348 (GCVE-0-2024-23348)
Vulnerability from cvelistv5 – Published: 2024-01-23 09:39 – Updated: 2025-05-30 14:19
VLAI?
Summary
Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary JavaScript code by uploading a specially crafted SVG file.
Severity ?
8.8 (High)
CWE
- Improper input validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| appleple inc. | a-blog cms Ver.3.1.x series |
Affected:
prior to Ver.3.1.7
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:32.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN34565930/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23348",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T17:30:48.646555Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T14:19:38.246Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms Ver.3.1.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.1.7"
}
]
},
{
"product": "a-blog cms Ver.3.0.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.0.29"
}
]
},
{
"product": "a-blog cms Ver.2.11.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.11.58"
}
]
},
{
"product": "a-blog cms Ver.2.10.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.10.50"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.2.9.0 and earlier "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary JavaScript code by uploading a specially crafted SVG file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper input validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T09:39:14.190Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html"
},
{
"url": "https://jvn.jp/en/jp/JVN34565930/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23348",
"datePublished": "2024-01-23T09:39:14.190Z",
"dateReserved": "2024-01-15T23:36:05.944Z",
"dateUpdated": "2025-05-30T14:19:38.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23183 (GCVE-0-2024-23183)
Vulnerability from cvelistv5 – Published: 2024-01-23 09:39 – Updated: 2025-06-20 19:11
VLAI?
Summary
Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute an arbitrary script on the logged-in user's web browser.
Severity ?
5.4 (Medium)
CWE
- Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| appleple inc. | a-blog cms Ver.3.1.x series |
Affected:
prior to Ver.3.1.7
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:31.779Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN34565930/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23183",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-23T14:26:51.427740Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T19:11:32.290Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms Ver.3.1.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.1.7"
}
]
},
{
"product": "a-blog cms Ver.3.0.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.0.29"
}
]
},
{
"product": "a-blog cms Ver.2.11.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.11.58"
}
]
},
{
"product": "a-blog cms Ver.2.10.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.10.50"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.2.9.0 and earlier "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute an arbitrary script on the logged-in user\u0027s web browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T09:39:05.114Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html"
},
{
"url": "https://jvn.jp/en/jp/JVN34565930/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23183",
"datePublished": "2024-01-23T09:39:05.114Z",
"dateReserved": "2024-01-12T05:24:51.969Z",
"dateUpdated": "2025-06-20T19:11:32.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23182 (GCVE-0-2024-23182)
Vulnerability from cvelistv5 – Published: 2024-01-23 09:38 – Updated: 2025-05-30 14:19
VLAI?
Summary
Relative path traversal vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to delete arbitrary files on the server.
Severity ?
8.1 (High)
CWE
- Relative path traversal
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| appleple inc. | a-blog cms Ver.3.1.x series |
Affected:
prior to Ver.3.1.7
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:32.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN34565930/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23182",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T17:35:32.973909Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T14:19:44.009Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms Ver.3.1.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.1.7"
}
]
},
{
"product": "a-blog cms Ver.3.0.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.0.29"
}
]
},
{
"product": "a-blog cms Ver.2.11.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.11.58"
}
]
},
{
"product": "a-blog cms Ver.2.10.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.10.50"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.2.9.0 and earlier "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Relative path traversal vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to delete arbitrary files on the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Relative path traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T09:38:58.906Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html"
},
{
"url": "https://jvn.jp/en/jp/JVN34565930/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23182",
"datePublished": "2024-01-23T09:38:58.906Z",
"dateReserved": "2024-01-12T05:24:51.969Z",
"dateUpdated": "2025-05-30T14:19:44.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27566 (GCVE-0-2025-27566)
Vulnerability from nvd – Published: 2025-05-19 08:09 – Updated: 2025-05-19 14:42
VLAI?
Summary
Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This is an issue with insufficient path validation in the backup feature, and exploitation requires the administrator privilege. If this vulnerability is exploited, a remote authenticated attacker with the administrator privilege may obtain or delete any file on the server.
Severity ?
CWE
- CWE-22 - Improper limitation of a pathname to a restricted directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| appleple inc. | a-blog cms |
Affected:
prior to Ver. 3.1.43 (Ver. 3.1.x series)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27566",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T14:42:37.649183Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T14:42:50.286Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver. 3.1.43 (Ver. 3.1.x series)"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver. 3.0.47 (Ver. 3.0.x series)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This is an issue with insufficient path validation in the backup feature, and exploitation requires the administrator privilege. If this vulnerability is exploited, a remote authenticated attacker with the administrator privilege may obtain or delete any file on the server."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T08:09:26.427Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVNVU-90760614.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU90760614/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-27566",
"datePublished": "2025-05-19T08:09:26.427Z",
"dateReserved": "2025-05-12T23:37:57.129Z",
"dateUpdated": "2025-05-19T14:42:50.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32999 (GCVE-0-2025-32999)
Vulnerability from nvd – Published: 2025-05-19 08:08 – Updated: 2025-05-19 15:28
VLAI?
Summary
Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This issue exists in a specific field in the entry editing screen, and exploitation requires contributor or higher level privileges. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| appleple inc. | a-blog cms |
Affected:
prior to Ver. 3.1.43 (Ver. 3.1.x series)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32999",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T15:28:29.608680Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T15:28:40.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver. 3.1.43 (Ver. 3.1.x series)"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver. 3.0.47 (Ver. 3.0.x series)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This issue exists in a specific field in the entry editing screen, and exploitation requires contributor or higher level privileges. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T08:08:51.815Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVNVU-90760614.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU90760614/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-32999",
"datePublished": "2025-05-19T08:08:51.815Z",
"dateReserved": "2025-05-12T23:37:56.186Z",
"dateUpdated": "2025-05-19T15:28:40.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36560 (GCVE-0-2025-36560)
Vulnerability from nvd – Published: 2025-05-19 08:08 – Updated: 2025-05-19 15:45
VLAI?
Summary
Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this vulnerability is exploited, a remote unauthenticated attacker may gain access to sensitive information by sending a specially crafted request.
Severity ?
8.6 (High)
CWE
- CWE-918 - Server-side request forgery (SSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| appleple inc. | a-blog cms |
Affected:
Ver. 2.8.85 and earlier (Ver. 2.8.x series)
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36560",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T15:45:12.728197Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T15:45:37.691Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver. 2.8.85 and earlier (Ver. 2.8.x series)"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver. 3.1.43 and earlier (Ver. 3.1.x series)"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver. 3.0.47 and earlier (Ver. 3.0.x series)"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver. 2.11.75 and earlier (Ver. 2.11.x series)"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver. 2.10.63 and earlier (Ver. 2.10.x series)"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver. 2.9.52 and earlier (Ver. 2.9.x series)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this vulnerability is exploited, a remote unauthenticated attacker may gain access to sensitive information by sending a specially crafted request."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-side request forgery (SSRF)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T08:08:00.732Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVNVU-90760614.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU90760614/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-36560",
"datePublished": "2025-05-19T08:08:00.732Z",
"dateReserved": "2025-05-12T23:37:55.230Z",
"dateUpdated": "2025-05-19T15:45:37.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41429 (GCVE-0-2025-41429)
Vulnerability from nvd – Published: 2025-05-19 08:07 – Updated: 2025-05-19 15:46
VLAI?
Summary
a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remote unauthenticated attacker may hijack a legitimate user's session.
Severity ?
CWE
- CWE-117 - Improper output neutralization for logs
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| appleple inc. | a-blog cms |
Affected:
Ver. 2.8.85 and earlier (Ver. 2.8.x series)
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41429",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T15:46:16.181139Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T15:46:29.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver. 2.8.85 and earlier (Ver. 2.8.x series)"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver. 3.1.43 and earlier (Ver. 3.1.x series)"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver. 3.0.47 and earlier (Ver. 3.0.x series)"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver. 2.11.75 and earlier (Ver. 2.11.x series)"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver. 2.10.63 and earlier (Ver. 2.10.x series)"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver. 2.9.52 and earlier (Ver. 2.9.x series)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remote unauthenticated attacker may hijack a legitimate user\u0027s session."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 2.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-117",
"description": "Improper output neutralization for logs",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T08:07:38.068Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVNVU-90760614.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU90760614/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-41429",
"datePublished": "2025-05-19T08:07:38.068Z",
"dateReserved": "2025-05-12T23:37:54.373Z",
"dateUpdated": "2025-05-19T15:46:29.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31395 (GCVE-0-2024-31395)
Vulnerability from nvd – Published: 2024-05-22 04:35 – Updated: 2024-10-31 14:53
VLAI?
Summary
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with an editor or higher privilege who can log in to the product may execute an arbitrary script on the web browser of the user who accessed the schedule management page.
Severity ?
6.1 (Medium)
CWE
- Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| appleple inc. | a-blog cms Ver.3.1.x series |
Affected:
prior to Ver.3.1.12
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-31395",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T14:24:22.284116Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T14:53:49.233Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.a-blogcms.jp/blog/news/JVN-70977403.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN70977403/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms Ver.3.1.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.1.12"
}
]
},
{
"product": "a-blog cms Ver.3.0.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.0.32"
}
]
},
{
"product": "a-blog cms Ver.2.11.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.11.61"
}
]
},
{
"product": "a-blog cms Ver.2.10.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.10.53"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.2.9 and earlier "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with an editor or higher privilege who can log in to the product may execute an arbitrary script on the web browser of the user who accessed the schedule management page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-22T04:35:37.216Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVN-70977403.html"
},
{
"url": "https://jvn.jp/en/jp/JVN70977403/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-31395",
"datePublished": "2024-05-22T04:35:37.216Z",
"dateReserved": "2024-04-03T02:24:22.988Z",
"dateUpdated": "2024-10-31T14:53:49.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31394 (GCVE-0-2024-31394)
Vulnerability from nvd – Published: 2024-05-22 04:35 – Updated: 2025-03-27 15:03
VLAI?
Summary
Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with an editor or higher privilege who can log in to the product may obtain arbitrary files on the server.
Severity ?
6.5 (Medium)
CWE
- Directory traversal
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| appleple inc. | a-blog cms Ver.3.1.x series |
Affected:
prior to Ver.3.1.12
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-31394",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T17:10:48.613952Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T15:03:43.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.a-blogcms.jp/blog/news/JVN-70977403.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN70977403/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms Ver.3.1.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.1.12"
}
]
},
{
"product": "a-blog cms Ver.3.0.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.0.32"
}
]
},
{
"product": "a-blog cms Ver.2.11.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.11.61"
}
]
},
{
"product": "a-blog cms Ver.2.10.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.10.53"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.2.9 and earlier "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with an editor or higher privilege who can log in to the product may obtain arbitrary files on the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-22T04:35:31.768Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVN-70977403.html"
},
{
"url": "https://jvn.jp/en/jp/JVN70977403/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-31394",
"datePublished": "2024-05-22T04:35:31.768Z",
"dateReserved": "2024-04-03T02:24:22.988Z",
"dateUpdated": "2025-03-27T15:03:43.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30419 (GCVE-0-2024-30419)
Vulnerability from nvd – Published: 2024-05-22 04:35 – Updated: 2024-08-02 01:32
VLAI?
Summary
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with a contributor or higher privilege who can log in to the product may execute an arbitrary script on the web browser of the user who accessed the website using the product.
Severity ?
5.4 (Medium)
CWE
- Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| appleple inc. | a-blog cms Ver.3.1.x series |
Affected:
prior to Ver.3.1.12
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "a-blog_cms",
"vendor": "appleple",
"versions": [
{
"lessThan": "3.1.12",
"status": "affected",
"version": "3.1.0",
"versionType": "custom"
},
{
"lessThan": "3.0.32",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
},
{
"lessThan": "2.11.61",
"status": "affected",
"version": "2.11.0",
"versionType": "custom"
},
{
"lessThan": "2.10.53",
"status": "affected",
"version": "2.10.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-30419",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T14:36:51.156737Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T16:16:04.625Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:32:07.430Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.a-blogcms.jp/blog/news/JVN-70977403.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN70977403/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms Ver.3.1.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.1.12"
}
]
},
{
"product": "a-blog cms Ver.3.0.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.0.32"
}
]
},
{
"product": "a-blog cms Ver.2.11.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.11.61"
}
]
},
{
"product": "a-blog cms Ver.2.10.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.10.53"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.2.9 and earlier "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with a contributor or higher privilege who can log in to the product may execute an arbitrary script on the web browser of the user who accessed the website using the product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-22T04:35:09.652Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVN-70977403.html"
},
{
"url": "https://jvn.jp/en/jp/JVN70977403/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-30419",
"datePublished": "2024-05-22T04:35:09.652Z",
"dateReserved": "2024-03-27T03:59:36.078Z",
"dateUpdated": "2024-08-02T01:32:07.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27279 (GCVE-0-2024-27279)
Vulnerability from nvd – Published: 2024-03-12 08:19 – Updated: 2024-10-31 18:12
VLAI?
Summary
Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with editor or higher privilege who can login to the product may obtain arbitrary files on the server including password files.
Severity ?
6.5 (Medium)
CWE
- Directory traversal
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| appleple inc. | a-blog cms Ver.3.1.x series |
Affected:
Ver.3.1.9 and earlier
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.741Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.a-blogcms.jp/blog/news/JVN-48443978.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN48443978/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27279",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-12T20:11:57.193866Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T18:12:32.261Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms Ver.3.1.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.3.1.9 and earlier"
}
]
},
{
"product": "a-blog cms Ver.3.0.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.3.0.30 and earlier"
}
]
},
{
"product": "a-blog cms Ver.2.11.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.2.11.59 and earlier"
}
]
},
{
"product": "a-blog cms Ver.2.10.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.2.10.51 and earlier"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.2.9 and earlier "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with editor or higher privilege who can login to the product may obtain arbitrary files on the server including password files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-12T08:19:48.705Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVN-48443978.html"
},
{
"url": "https://jvn.jp/en/jp/JVN48443978/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-27279",
"datePublished": "2024-03-12T08:19:48.705Z",
"dateReserved": "2024-02-22T02:26:33.074Z",
"dateUpdated": "2024-10-31T18:12:32.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25559 (GCVE-0-2024-25559)
Vulnerability from nvd – Published: 2024-02-15 04:32 – Updated: 2024-11-01 20:52
VLAI?
Summary
URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log.
Severity ?
4.7 (Medium)
CWE
- User Interface (UI) Misrepresentation of Critical Information
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| appleple inc. | a-blog cms |
Affected:
Ver.3.1.0 to Ver.3.1.8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:44:09.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.a-blogcms.jp/blog/news/JVN-48966481.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN48966481/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-25559",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T15:40:13.733974Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T20:52:44.326Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.3.1.0 to Ver.3.1.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-15T04:32:37.608Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVN-48966481.html"
},
{
"url": "https://jvn.jp/en/jp/JVN48966481/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-25559",
"datePublished": "2024-02-15T04:32:37.608Z",
"dateReserved": "2024-02-08T01:35:27.596Z",
"dateUpdated": "2024-11-01T20:52:44.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23782 (GCVE-0-2024-23782)
Vulnerability from nvd – Published: 2024-01-28 23:09 – Updated: 2025-06-02 19:47
VLAI?
Summary
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier versions. If this vulnerability is exploited, a user with a contributor or higher privilege may execute an arbitrary script on the web browser of the user who accessed the website using the product.
Severity ?
5.4 (Medium)
CWE
- Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| appleple inc. | a-blog cms Ver.3.1.x series |
Affected:
prior to Ver.3.1.7
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:08.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN34565930/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23782",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-29T16:03:01.341879Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T19:47:56.058Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms Ver.3.1.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.1.7"
}
]
},
{
"product": "a-blog cms Ver.3.0.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.0.29"
}
]
},
{
"product": "a-blog cms Ver.2.11.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.11.58"
}
]
},
{
"product": "a-blog cms Ver.2.10.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.10.50"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.2.9.0 and earlier "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier versions. If this vulnerability is exploited, a user with a contributor or higher privilege may execute an arbitrary script on the web browser of the user who accessed the website using the product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-28T23:09:13.092Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html"
},
{
"url": "https://jvn.jp/en/jp/JVN34565930/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23782",
"datePublished": "2024-01-28T23:09:13.092Z",
"dateReserved": "2024-01-22T07:59:48.826Z",
"dateUpdated": "2025-06-02T19:47:56.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23348 (GCVE-0-2024-23348)
Vulnerability from nvd – Published: 2024-01-23 09:39 – Updated: 2025-05-30 14:19
VLAI?
Summary
Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary JavaScript code by uploading a specially crafted SVG file.
Severity ?
8.8 (High)
CWE
- Improper input validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| appleple inc. | a-blog cms Ver.3.1.x series |
Affected:
prior to Ver.3.1.7
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:32.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN34565930/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23348",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T17:30:48.646555Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T14:19:38.246Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms Ver.3.1.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.1.7"
}
]
},
{
"product": "a-blog cms Ver.3.0.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.0.29"
}
]
},
{
"product": "a-blog cms Ver.2.11.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.11.58"
}
]
},
{
"product": "a-blog cms Ver.2.10.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.10.50"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.2.9.0 and earlier "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary JavaScript code by uploading a specially crafted SVG file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper input validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T09:39:14.190Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html"
},
{
"url": "https://jvn.jp/en/jp/JVN34565930/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23348",
"datePublished": "2024-01-23T09:39:14.190Z",
"dateReserved": "2024-01-15T23:36:05.944Z",
"dateUpdated": "2025-05-30T14:19:38.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23183 (GCVE-0-2024-23183)
Vulnerability from nvd – Published: 2024-01-23 09:39 – Updated: 2025-06-20 19:11
VLAI?
Summary
Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute an arbitrary script on the logged-in user's web browser.
Severity ?
5.4 (Medium)
CWE
- Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| appleple inc. | a-blog cms Ver.3.1.x series |
Affected:
prior to Ver.3.1.7
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:31.779Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN34565930/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23183",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-23T14:26:51.427740Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T19:11:32.290Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms Ver.3.1.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.1.7"
}
]
},
{
"product": "a-blog cms Ver.3.0.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.0.29"
}
]
},
{
"product": "a-blog cms Ver.2.11.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.11.58"
}
]
},
{
"product": "a-blog cms Ver.2.10.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.10.50"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.2.9.0 and earlier "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute an arbitrary script on the logged-in user\u0027s web browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T09:39:05.114Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html"
},
{
"url": "https://jvn.jp/en/jp/JVN34565930/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23183",
"datePublished": "2024-01-23T09:39:05.114Z",
"dateReserved": "2024-01-12T05:24:51.969Z",
"dateUpdated": "2025-06-20T19:11:32.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2025-005050
Vulnerability from jvndb - Published: 2025-05-15 18:11 - Updated:2025-05-15 18:11
Severity ?
Summary
Multiple vulnerabilities in a-blog cms
Details
a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below.
- Path traversal (CWE-22)
- CVE-2025-27566
- This is an issue with insufficient path validation in the backup feature, and exploitation requires the administrator privilege
- Cross-site scripting (CWE-79)
- CVE-2025-32999
- This issue exists in a specific field in the entry editing screen, and exploitation requires contributor or higher level privileges
- Server-side request forgery (CWE-918)
- CVE-2025-36560
- Improper output neutralization for logs (CWE-117)
- CVE-2025-41429
References
| Type | URL | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-005050.html",
"dc:date": "2025-05-15T18:11+09:00",
"dcterms:issued": "2025-05-15T18:11+09:00",
"dcterms:modified": "2025-05-15T18:11+09:00",
"description": "a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below.\r\n\r\n\u003cul\u003e\r\n\u003cli\u003ePath traversal (CWE-22)\u003c/li\u003e\r\n\u003cul\u003e\r\n\u003cli\u003eCVE-2025-27566\u003c/li\u003e\r\n\u003cli\u003eThis is an issue with insufficient path validation in the backup feature, and exploitation requires the administrator privilege\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\n\u003cli\u003eCross-site scripting (CWE-79)\u003c/li\u003e\r\n\u003cul\u003e\r\n\u003cli\u003eCVE-2025-32999\u003c/li\u003e\r\n\u003cli\u003eThis issue exists in a specific field in the entry editing screen, and exploitation requires contributor or higher level privileges\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\n\u003cli\u003eServer-side request forgery (CWE-918)\u003c/li\u003e\r\n\u003cul\u003e\u003cli\u003eCVE-2025-36560\u003c/li\u003e\u003c/ul\u003e\r\n\r\n\u003cli\u003eImproper output neutralization for logs (CWE-117)\u003c/li\u003e\r\n\u003cul\u003e\u003cli\u003eCVE-2025-41429\u003c/li\u003e\u003c/ul\u003e\r\n\r\nCVE-2025-27566, CVE-2025-32999\r\nhaidv35 (Dinh Viet Hai) reported these vulnerabilities to the developer and coordinated. After the coordination was completed, haidv35 (Dinh Viet Hai) reported the case to JPCERT/CC to notify users of the solution through JVN.\r\n\r\nCVE-2025-36560, CVE-2025-41429\r\nvcth4nh from VCSLab of Viettel Cyber Security (Vu Chi Thanh) reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-005050.html",
"sec:cpe": {
"#text": "cpe:/a:appleple:a-blog_cms",
"@product": "a-blog cms",
"@vendor": "appleple inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "8.6",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-005050",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU90760614/index.html",
"@id": "JVNVU#90760614",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-27566",
"@id": "CVE-2025-27566",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-32999",
"@id": "CVE-2025-32999",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-36560",
"@id": "CVE-2025-36560",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-41429",
"@id": "CVE-2025-41429",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/117.html",
"@id": "CWE-117",
"@title": "Improper Output Neutralization for Logs(CWE-117)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/918.html",
"@id": "CWE-918",
"@title": "Server-Side Request Forgery (SSRF)(CWE-918)"
}
],
"title": "Multiple vulnerabilities in a-blog cms"
}
JVNDB-2025-000024
Vulnerability from jvndb - Published: 2025-03-28 10:46 - Updated:2025-03-28 10:46
Severity ?
Summary
a-blog cms vulnerable to untrusted data deserialization
Details
a-blog cms provided by appleple inc. contains untrusted data deserialization vulnerability (CWE-502).
The developer states that attacks exploiting the vulnerability has been observed on a-blog cms Ver.2.8.x series or later.
appleple inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and appleple inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000024.html",
"dc:date": "2025-03-28T10:46+09:00",
"dcterms:issued": "2025-03-28T10:46+09:00",
"dcterms:modified": "2025-03-28T10:46+09:00",
"description": "a-blog cms provided by appleple inc. contains untrusted data deserialization vulnerability (CWE-502).\r\n\r\nThe developer states that attacks exploiting the vulnerability has been observed on a-blog cms Ver.2.8.x series or later.\r\n\r\nappleple inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and appleple inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000024.html",
"sec:cpe": [
{
"#text": "cpe:/a:appleple:a-blog_cms",
"@product": "a-blog cms",
"@vendor": "appleple inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:appleple:a-blog_cms",
"@product": "a-blog cms",
"@vendor": "appleple inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:appleple:a-blog_cms",
"@product": "a-blog cms",
"@vendor": "appleple inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:appleple:a-blog_cms",
"@product": "a-blog cms",
"@vendor": "appleple inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:appleple:a-blog_cms",
"@product": "a-blog cms",
"@vendor": "appleple inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:appleple:a-blog_cms",
"@product": "a-blog cms",
"@vendor": "appleple inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000024",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN66982699/index.html",
"@id": "JVN#66982699",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-31103",
"@id": "CVE-2025-31103",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "a-blog cms vulnerable to untrusted data deserialization"
}
JVNDB-2024-000039
Vulnerability from jvndb - Published: 2024-04-10 13:55 - Updated:2024-04-10 13:55
Severity ?
Summary
Multiple vulnerabilities in a-blog cms
Details
a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below.
* Stored cross-site scripting vulnerability in Entry editing pages (CWE-79) - CVE-2024-30419
* Server-side request forgery (CWE-918) - CVE-2024-30420
* Directory traversal (CWE-22) - CVE-2024-31394
* Stored cross-site scripting vulnerability in Schedule labeling pages (CWE-79) - CVE-2024-31395
* Code injection (CWE-94) - CVE-2024-31396
Rikuto Tauchi of sangi reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000039.html",
"dc:date": "2024-04-10T13:55+09:00",
"dcterms:issued": "2024-04-10T13:55+09:00",
"dcterms:modified": "2024-04-10T13:55+09:00",
"description": "a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below.\r\n\r\n * Stored cross-site scripting vulnerability in Entry editing pages (CWE-79) - CVE-2024-30419\r\n * Server-side request forgery (CWE-918) - CVE-2024-30420\r\n * Directory traversal (CWE-22) - CVE-2024-31394\r\n * Stored cross-site scripting vulnerability in Schedule labeling pages (CWE-79) - CVE-2024-31395\r\n * Code injection (CWE-94) - CVE-2024-31396\r\n\r\nRikuto Tauchi of sangi reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000039.html",
"sec:cpe": {
"#text": "cpe:/a:appleple:a-blog_cms",
"@product": "a-blog cms",
"@vendor": "appleple inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.6",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000039",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN70977403/index.html",
"@id": "JVN#70977403",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-30419",
"@id": "CVE-2024-30419",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-30420",
"@id": "CVE-2024-30420",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-31394",
"@id": "CVE-2024-31394",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-31395",
"@id": "CVE-2024-31395",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-31396",
"@id": "CVE-2024-31396",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-94",
"@title": "Code Injection(CWE-94)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in a-blog cms"
}
JVNDB-2024-000030
Vulnerability from jvndb - Published: 2024-03-08 15:27 - Updated:2024-03-08 15:27
Severity ?
Summary
a-blog cms vulnerable to directory traversal
Details
a-blog cms provided by appleple Inc. is a content management system (CMS). a-blog cms contains a directory traversal vulnerability (CWE-22).
Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000030.html",
"dc:date": "2024-03-08T15:27+09:00",
"dcterms:issued": "2024-03-08T15:27+09:00",
"dcterms:modified": "2024-03-08T15:27+09:00",
"description": "a-blog cms provided by appleple Inc. is a content management system (CMS). a-blog cms contains a directory traversal vulnerability (CWE-22).\r\n\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000030.html",
"sec:cpe": {
"#text": "cpe:/a:appleple:a-blog_cms",
"@product": "a-blog cms",
"@vendor": "appleple inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"@version": "2.0"
},
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2024-000030",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN48443978/index.html",
"@id": "JVN#48443978",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27279",
"@id": "CVE-2024-27279",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "a-blog cms vulnerable to directory traversal"
}
JVNDB-2024-000019
Vulnerability from jvndb - Published: 2024-02-15 14:12 - Updated:2024-02-15 14:12
Severity ?
Summary
a-blog cms vulnerable to URL spoofing
Details
a-blog cms provided by appleple Inc. is a content management system (CMS). a-blog cms contains an URL spoofing vulnerability (CWE-451).
Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000019.html",
"dc:date": "2024-02-15T14:12+09:00",
"dcterms:issued": "2024-02-15T14:12+09:00",
"dcterms:modified": "2024-02-15T14:12+09:00",
"description": "a-blog cms provided by appleple Inc. is a content management system (CMS). a-blog cms contains an URL spoofing vulnerability (CWE-451).\r\n\r\nYuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000019.html",
"sec:cpe": {
"#text": "cpe:/a:appleple:a-blog_cms",
"@product": "a-blog cms",
"@vendor": "appleple inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.7",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2024-000019",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN48966481/index.html",
"@id": "JVN#48966481",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-25559",
"@id": "CVE-2024-25559",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "a-blog cms vulnerable to URL spoofing"
}