All the vulnerabilites related to appleple inc. - a-blog cms
jvndb-2022-000014
Vulnerability from jvndb
Published
2022-02-18 15:55
Modified
2022-02-18 15:55
Severity ?
Summary
Multiple vulnerabilities in a-blog cms
Details
a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below.
* Cross-site scripting (CWE-79) - CVE-2022-24374
* Cross-site scripting (CWE-79) - CVE-2022-23916
* Template injection (CWE-1336) - CVE-2022-23810
* Authentication bypass (CWE-291) - CVE-2022-21142
CVE-2022-24374
iwama yuu of Secure Sky Technology Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2022-23916
Masashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2022-23810, CVE-2022-21142
hibiki moriyama of STNet, Incorporated reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| appleple inc. | a-blog cms |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000014.html",
"dc:date": "2022-02-18T15:55+09:00",
"dcterms:issued": "2022-02-18T15:55+09:00",
"dcterms:modified": "2022-02-18T15:55+09:00",
"description": "a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. \r\n* Cross-site scripting (CWE-79) - CVE-2022-24374\r\n* Cross-site scripting (CWE-79) - CVE-2022-23916\r\n* Template injection (CWE-1336) - CVE-2022-23810\r\n* Authentication bypass (CWE-291) - CVE-2022-21142\r\n\r\nCVE-2022-24374\r\niwama yuu of Secure Sky Technology Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2022-23916\r\nMasashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2022-23810, CVE-2022-21142\r\nhibiki moriyama of STNet, Incorporated reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000014.html",
"sec:cpe": {
"#text": "cpe:/a:appleple:a-blog_cms",
"@product": "a-blog cms",
"@vendor": "appleple inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "5.6",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000014",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN14706307/index.html",
"@id": "JVN#14706307",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-24374",
"@id": "CVE-2022-24374",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-23916",
"@id": "CVE-2022-23916",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-23810",
"@id": "CVE-2022-23810",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-21142",
"@id": "CVE-2022-21142",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-21142",
"@id": "CVE-2022-21142",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-23810",
"@id": "CVE-2022-23810",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-23916",
"@id": "CVE-2022-23916",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-24374",
"@id": "CVE-2022-24374",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-287",
"@title": "Improper Authentication(CWE-287)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-94",
"@title": "Code Injection(CWE-94)"
}
],
"title": "Multiple vulnerabilities in a-blog cms"
}
jvndb-2024-000030
Vulnerability from jvndb
Published
2024-03-08 15:27
Modified
2024-03-08 15:27
Severity ?
Summary
a-blog cms vulnerable to directory traversal
Details
a-blog cms provided by appleple Inc. is a content management system (CMS). a-blog cms contains a directory traversal vulnerability (CWE-22).
Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN48443978/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2024-27279 | |
| Path Traversal(CWE-22) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| appleple inc. | a-blog cms |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000030.html",
"dc:date": "2024-03-08T15:27+09:00",
"dcterms:issued": "2024-03-08T15:27+09:00",
"dcterms:modified": "2024-03-08T15:27+09:00",
"description": "a-blog cms provided by appleple Inc. is a content management system (CMS). a-blog cms contains a directory traversal vulnerability (CWE-22).\r\n\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000030.html",
"sec:cpe": {
"#text": "cpe:/a:appleple:a-blog_cms",
"@product": "a-blog cms",
"@vendor": "appleple inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"@version": "2.0"
},
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2024-000030",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN48443978/index.html",
"@id": "JVN#48443978",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27279",
"@id": "CVE-2024-27279",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "a-blog cms vulnerable to directory traversal"
}
jvndb-2024-000039
Vulnerability from jvndb
Published
2024-04-10 13:55
Modified
2024-04-10 13:55
Severity ?
Summary
Multiple vulnerabilities in a-blog cms
Details
a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below.
* Stored cross-site scripting vulnerability in Entry editing pages (CWE-79) - CVE-2024-30419
* Server-side request forgery (CWE-918) - CVE-2024-30420
* Directory traversal (CWE-22) - CVE-2024-31394
* Stored cross-site scripting vulnerability in Schedule labeling pages (CWE-79) - CVE-2024-31395
* Code injection (CWE-94) - CVE-2024-31396
Rikuto Tauchi of sangi reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN70977403/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2024-30419 | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2024-30420 | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2024-31394 | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2024-31395 | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2024-31396 | |
| Path Traversal(CWE-22) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html | |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html | |
| Code Injection(CWE-94) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html | |
| No Mapping(CWE-Other) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| appleple inc. | a-blog cms |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000039.html",
"dc:date": "2024-04-10T13:55+09:00",
"dcterms:issued": "2024-04-10T13:55+09:00",
"dcterms:modified": "2024-04-10T13:55+09:00",
"description": "a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below.\r\n\r\n * Stored cross-site scripting vulnerability in Entry editing pages (CWE-79) - CVE-2024-30419\r\n * Server-side request forgery (CWE-918) - CVE-2024-30420\r\n * Directory traversal (CWE-22) - CVE-2024-31394\r\n * Stored cross-site scripting vulnerability in Schedule labeling pages (CWE-79) - CVE-2024-31395\r\n * Code injection (CWE-94) - CVE-2024-31396\r\n\r\nRikuto Tauchi of sangi reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000039.html",
"sec:cpe": {
"#text": "cpe:/a:appleple:a-blog_cms",
"@product": "a-blog cms",
"@vendor": "appleple inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.6",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000039",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN70977403/index.html",
"@id": "JVN#70977403",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-30419",
"@id": "CVE-2024-30419",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-30420",
"@id": "CVE-2024-30420",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-31394",
"@id": "CVE-2024-31394",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-31395",
"@id": "CVE-2024-31395",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-31396",
"@id": "CVE-2024-31396",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-94",
"@title": "Code Injection(CWE-94)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in a-blog cms"
}
jvndb-2016-000047
Vulnerability from jvndb
Published
2016-05-16 14:48
Modified
2017-05-23 13:44
Severity ?
Summary
a-blog cms vulnerable to session management
Details
a-blog cms provided by appleple Inc. is a content management system (CMS). a-blog cms contains a vulnerability in session management of the comment functionality.
Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| appleple inc. | a-blog cms |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000047.html",
"dc:date": "2017-05-23T13:44+09:00",
"dcterms:issued": "2016-05-16T14:48+09:00",
"dcterms:modified": "2017-05-23T13:44+09:00",
"description": "a-blog cms provided by appleple Inc. is a content management system (CMS). a-blog cms contains a vulnerability in session management of the comment functionality.\r\n\r\nYuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000047.html",
"sec:cpe": {
"#text": "cpe:/a:appleple:a-blog_cms",
"@product": "a-blog cms",
"@vendor": "appleple inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000047",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN03975805/index.html",
"@id": "JVN#03975805",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1178",
"@id": "CVE-2016-1178",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-1178",
"@id": "CVE-2016-1178",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "a-blog cms vulnerable to session management"
}
jvndb-2024-000019
Vulnerability from jvndb
Published
2024-02-15 14:12
Modified
2024-02-15 14:12
Severity ?
Summary
a-blog cms vulnerable to URL spoofing
Details
a-blog cms provided by appleple Inc. is a content management system (CMS). a-blog cms contains an URL spoofing vulnerability (CWE-451).
Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN48966481/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2024-25559 | |
| No Mapping(CWE-Other) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| appleple inc. | a-blog cms |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000019.html",
"dc:date": "2024-02-15T14:12+09:00",
"dcterms:issued": "2024-02-15T14:12+09:00",
"dcterms:modified": "2024-02-15T14:12+09:00",
"description": "a-blog cms provided by appleple Inc. is a content management system (CMS). a-blog cms contains an URL spoofing vulnerability (CWE-451).\r\n\r\nYuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000019.html",
"sec:cpe": {
"#text": "cpe:/a:appleple:a-blog_cms",
"@product": "a-blog cms",
"@vendor": "appleple inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.7",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2024-000019",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN48966481/index.html",
"@id": "JVN#48966481",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-25559",
"@id": "CVE-2024-25559",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "a-blog cms vulnerable to URL spoofing"
}
jvndb-2016-000046
Vulnerability from jvndb
Published
2016-05-16 14:48
Modified
2017-05-23 13:44
Severity ?
Summary
a-blog cms vulnerable to cross-site scripting
Details
a-blog cms provided by appleple Inc. is a content management system (CMS). a-blog cms contains a cross-site scripting vulnerability in the standard template of the comment functionality.
Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | http://jvn.jp/en/jp/JVN73166466/index.html | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1179 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2016-1179 | |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| appleple inc. | a-blog cms |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000046.html",
"dc:date": "2017-05-23T13:44+09:00",
"dcterms:issued": "2016-05-16T14:48+09:00",
"dcterms:modified": "2017-05-23T13:44+09:00",
"description": "a-blog cms provided by appleple Inc. is a content management system (CMS). a-blog cms contains a cross-site scripting vulnerability in the standard template of the comment functionality.\r\n\r\nYuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000046.html",
"sec:cpe": {
"#text": "cpe:/a:appleple:a-blog_cms",
"@product": "a-blog cms",
"@vendor": "appleple inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.7",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000046",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN73166466/index.html",
"@id": "JVN#73166466",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1179",
"@id": "CVE-2016-1179",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-1179",
"@id": "CVE-2016-1179",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "a-blog cms vulnerable to cross-site scripting"
}
jvndb-2024-000011
Vulnerability from jvndb
Published
2024-01-22 15:08
Modified
2024-03-13 17:50
Severity ?
Summary
Multiple vulnerabilities in a-blog cms
Details
a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below.<ul><li>Improper input validation (CWE-20) - CVE-2024-23180</li><li>Cross-site scripting (CWE-79) - CVE-2024-23181</li><li>Relative path traversal (CWE-23) - CVE-2024-23182</li><li>Cross-site scripting (CWE-79) - CVE-2024-23183</li><li>Improper input validation (CWE-20) - CVE-2024-23348</li><li>Cross-site scripting (CWE-79) - CVE-2024-23782</li></ul>
CVE-2024-23180
Naoya Miyaguchi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2024-23181
Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2024-23182, CVE-2024-23183
Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2024-23348, CVE-2024-23782
Yuta Morioka of Information Science College reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| appleple inc. | a-blog cms |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000011.html",
"dc:date": "2024-03-13T17:50+09:00",
"dcterms:issued": "2024-01-22T15:08+09:00",
"dcterms:modified": "2024-03-13T17:50+09:00",
"description": "a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below.\u003cul\u003e\u003cli\u003eImproper input validation (CWE-20) - CVE-2024-23180\u003c/li\u003e\u003cli\u003eCross-site scripting (CWE-79) - CVE-2024-23181\u003c/li\u003e\u003cli\u003eRelative path traversal (CWE-23) - CVE-2024-23182\u003c/li\u003e\u003cli\u003eCross-site scripting (CWE-79) - CVE-2024-23183\u003c/li\u003e\u003cli\u003eImproper input validation (CWE-20) - CVE-2024-23348\u003c/li\u003e\u003cli\u003eCross-site scripting (CWE-79) - CVE-2024-23782\u003c/li\u003e\u003c/ul\u003e\r\n\r\n\r\nCVE-2024-23180\r\nNaoya Miyaguchi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-23181\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-23182, CVE-2024-23183\r\nYuji Tounai of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-23348, CVE-2024-23782\r\nYuta Morioka of Information Science College reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000011.html",
"sec:cpe": {
"#text": "cpe:/a:appleple:a-blog_cms",
"@product": "a-blog cms",
"@vendor": "appleple inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2024-000011",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN34565930/index.html",
"@id": "JVN#34565930",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-23180",
"@id": "CVE-2024-23180",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-23181",
"@id": "CVE-2024-23181",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-23182",
"@id": "CVE-2024-23182",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-23183",
"@id": "CVE-2024-23183",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-23348",
"@id": "CVE-2024-23348",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-23782",
"@id": "CVE-2024-23782",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2024-23180",
"@id": "CVE-2024-23180",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2024-23181",
"@id": "CVE-2024-23181",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2024-23182",
"@id": "CVE-2024-23182",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2024-23183",
"@id": "CVE-2024-23183",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2024-23348",
"@id": "CVE-2024-23348",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2024-23782",
"@id": "CVE-2024-23782",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/23.html",
"@id": "CWE-23",
"@title": "Relative Path Traversal(CWE-23)"
}
],
"title": "Multiple vulnerabilities in a-blog cms"
}
jvndb-2019-000078
Vulnerability from jvndb
Published
2019-12-20 15:43
Modified
2019-12-20 15:43
Severity ?
Summary
Multiple vulnerabilities in a-blog cms
Details
a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below.
* Reflected cross-site scripting (CWE-79) - CVE-2019-6033
* Script injection due to a flaw in processing cookie (CWE-74) - CVE-2019-6034
Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| appleple inc. | a-blog cms |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000078.html",
"dc:date": "2019-12-20T15:43+09:00",
"dcterms:issued": "2019-12-20T15:43+09:00",
"dcterms:modified": "2019-12-20T15:43+09:00",
"description": "a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. \r\n* Reflected cross-site scripting (CWE-79) - CVE-2019-6033\r\n* Script injection due to a flaw in processing cookie (CWE-74) - CVE-2019-6034\r\n\r\nYuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000078.html",
"sec:cpe": {
"#text": "cpe:/a:appleple:a-blog_cms",
"@product": "a-blog cms",
"@vendor": "appleple inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-000078",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN10377257/index.html",
"@id": "JVN#10377257",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6033",
"@id": "CVE-2019-6033",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6034",
"@id": "CVE-2019-6034",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-6033",
"@id": "CVE-2019-6033",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-6034",
"@id": "CVE-2019-6034",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in a-blog cms"
}
cve-2022-21142
Vulnerability from cvelistv5
Published
2022-02-24 09:50
Modified
2024-08-03 02:31
Severity ?
EPSS score ?
Summary
Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74, Ver.2.9.x series versions prior to Ver.2.9.39, Ver.2.10.x series versions prior to Ver.2.10.43, and Ver.2.11.x series versions prior to Ver.2.11.41 allows a remote unauthenticated attacker to bypass authentication under the specific condition.
References
| ▼ | URL | Tags |
|---|---|---|
| https://developer.a-blogcms.jp/blog/news/security-202202.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN14706307/index.html | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| appleple inc. | a-blog cms |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:59.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.a-blogcms.jp/blog/news/security-202202.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN14706307/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.2.8.x series versions prior to Ver.2.8.74, Ver.2.9.x series versions prior to Ver.2.9.39, Ver.2.10.x series versions prior to Ver.2.10.43, and Ver.2.11.x series versions prior to Ver.2.11.41"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74, Ver.2.9.x series versions prior to Ver.2.9.39, Ver.2.10.x series versions prior to Ver.2.10.43, and Ver.2.11.x series versions prior to Ver.2.11.41 allows a remote unauthenticated attacker to bypass authentication under the specific condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-24T09:50:25",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.a-blogcms.jp/blog/news/security-202202.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN14706307/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-21142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "a-blog cms",
"version": {
"version_data": [
{
"version_value": "Ver.2.8.x series versions prior to Ver.2.8.74, Ver.2.9.x series versions prior to Ver.2.9.39, Ver.2.10.x series versions prior to Ver.2.10.43, and Ver.2.11.x series versions prior to Ver.2.11.41"
}
]
}
}
]
},
"vendor_name": "appleple inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74, Ver.2.9.x series versions prior to Ver.2.9.39, Ver.2.10.x series versions prior to Ver.2.10.43, and Ver.2.11.x series versions prior to Ver.2.11.41 allows a remote unauthenticated attacker to bypass authentication under the specific condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.a-blogcms.jp/blog/news/security-202202.html",
"refsource": "MISC",
"url": "https://developer.a-blogcms.jp/blog/news/security-202202.html"
},
{
"name": "https://jvn.jp/en/jp/JVN14706307/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN14706307/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-21142",
"datePublished": "2022-02-24T09:50:26",
"dateReserved": "2022-02-16T00:00:00",
"dateUpdated": "2024-08-03T02:31:59.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-31395
Vulnerability from cvelistv5
Published
2024-05-22 04:35
Modified
2024-10-31 14:53
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with an editor or higher privilege who can log in to the product may execute an arbitrary script on the web browser of the user who accessed the schedule management page.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-31395",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T14:24:22.284116Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T14:53:49.233Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.a-blogcms.jp/blog/news/JVN-70977403.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN70977403/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms Ver.3.1.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.1.12"
}
]
},
{
"product": "a-blog cms Ver.3.0.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.0.32"
}
]
},
{
"product": "a-blog cms Ver.2.11.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.11.61"
}
]
},
{
"product": "a-blog cms Ver.2.10.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.10.53"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.2.9 and earlier "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with an editor or higher privilege who can log in to the product may execute an arbitrary script on the web browser of the user who accessed the schedule management page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-22T04:35:37.216Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVN-70977403.html"
},
{
"url": "https://jvn.jp/en/jp/JVN70977403/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-31395",
"datePublished": "2024-05-22T04:35:37.216Z",
"dateReserved": "2024-04-03T02:24:22.988Z",
"dateUpdated": "2024-10-31T14:53:49.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-31394
Vulnerability from cvelistv5
Published
2024-05-22 04:35
Modified
2024-08-02 01:52
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with an editor or higher privilege who can log in to the product may obtain arbitrary files on the server.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31394",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T17:10:48.613952Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:37:08.083Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.a-blogcms.jp/blog/news/JVN-70977403.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN70977403/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms Ver.3.1.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.1.12"
}
]
},
{
"product": "a-blog cms Ver.3.0.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.0.32"
}
]
},
{
"product": "a-blog cms Ver.2.11.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.11.61"
}
]
},
{
"product": "a-blog cms Ver.2.10.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.10.53"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.2.9 and earlier "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with an editor or higher privilege who can log in to the product may obtain arbitrary files on the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-22T04:35:31.768Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVN-70977403.html"
},
{
"url": "https://jvn.jp/en/jp/JVN70977403/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-31394",
"datePublished": "2024-05-22T04:35:31.768Z",
"dateReserved": "2024-04-03T02:24:22.988Z",
"dateUpdated": "2024-08-02T01:52:56.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23782
Vulnerability from cvelistv5
Published
2024-01-28 23:09
Modified
2024-08-01 23:13
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier versions. If this vulnerability is exploited, a user with a contributor or higher privilege may execute an arbitrary script on the web browser of the user who accessed the website using the product.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:08.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN34565930/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms Ver.3.1.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.1.7"
}
]
},
{
"product": "a-blog cms Ver.3.0.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.0.29"
}
]
},
{
"product": "a-blog cms Ver.2.11.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.11.58"
}
]
},
{
"product": "a-blog cms Ver.2.10.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.10.50"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.2.9.0 and earlier "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier versions. If this vulnerability is exploited, a user with a contributor or higher privilege may execute an arbitrary script on the web browser of the user who accessed the website using the product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-28T23:09:13.092Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html"
},
{
"url": "https://jvn.jp/en/jp/JVN34565930/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23782",
"datePublished": "2024-01-28T23:09:13.092Z",
"dateReserved": "2024-01-22T07:59:48.826Z",
"dateUpdated": "2024-08-01T23:13:08.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-24374
Vulnerability from cvelistv5
Published
2022-02-24 09:50
Modified
2024-08-03 04:07
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-23916.
References
| ▼ | URL | Tags |
|---|---|---|
| https://developer.a-blogcms.jp/blog/news/security-202202.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN14706307/index.html | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| appleple inc. | a-blog cms |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.425Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.a-blogcms.jp/blog/news/security-202202.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN14706307/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-23916."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-24T09:50:32",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.a-blogcms.jp/blog/news/security-202202.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN14706307/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-24374",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "a-blog cms",
"version": {
"version_data": [
{
"version_value": "Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1"
}
]
}
}
]
},
"vendor_name": "appleple inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-23916."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.a-blogcms.jp/blog/news/security-202202.html",
"refsource": "MISC",
"url": "https://developer.a-blogcms.jp/blog/news/security-202202.html"
},
{
"name": "https://jvn.jp/en/jp/JVN14706307/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN14706307/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-24374",
"datePublished": "2022-02-24T09:50:32",
"dateReserved": "2022-02-16T00:00:00",
"dateUpdated": "2024-08-03T04:07:02.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-25559
Vulnerability from cvelistv5
Published
2024-02-15 04:32
Modified
2024-11-01 20:52
Severity ?
EPSS score ?
Summary
URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| appleple inc. | a-blog cms |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:44:09.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.a-blogcms.jp/blog/news/JVN-48966481.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN48966481/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-25559",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T15:40:13.733974Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T20:52:44.326Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.3.1.0 to Ver.3.1.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-15T04:32:37.608Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVN-48966481.html"
},
{
"url": "https://jvn.jp/en/jp/JVN48966481/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-25559",
"datePublished": "2024-02-15T04:32:37.608Z",
"dateReserved": "2024-02-08T01:35:27.596Z",
"dateUpdated": "2024-11-01T20:52:44.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-23810
Vulnerability from cvelistv5
Published
2022-02-24 09:50
Modified
2024-08-03 03:51
Severity ?
EPSS score ?
Summary
Template injection (Improper Neutralization of Special Elements Used in a Template Engine) vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to obtain an arbitrary file on the server via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://developer.a-blogcms.jp/blog/news/security-202202.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN14706307/index.html | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| appleple inc. | a-blog cms |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.a-blogcms.jp/blog/news/security-202202.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN14706307/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Template injection (Improper Neutralization of Special Elements Used in a Template Engine) vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to obtain an arbitrary file on the server via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Template injection (Improper Neutralization of Special Elements Used in a Template Engine)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-24T09:50:28",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.a-blogcms.jp/blog/news/security-202202.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN14706307/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-23810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "a-blog cms",
"version": {
"version_data": [
{
"version_value": "Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1"
}
]
}
}
]
},
"vendor_name": "appleple inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Template injection (Improper Neutralization of Special Elements Used in a Template Engine) vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to obtain an arbitrary file on the server via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Template injection (Improper Neutralization of Special Elements Used in a Template Engine)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.a-blogcms.jp/blog/news/security-202202.html",
"refsource": "MISC",
"url": "https://developer.a-blogcms.jp/blog/news/security-202202.html"
},
{
"name": "https://jvn.jp/en/jp/JVN14706307/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN14706307/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-23810",
"datePublished": "2022-02-24T09:50:28",
"dateReserved": "2022-02-16T00:00:00",
"dateUpdated": "2024-08-03T03:51:45.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-6033
Vulnerability from cvelistv5
Published
2019-12-26 15:16
Modified
2024-08-04 20:16
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://developer.a-blogcms.jp/download/legacy.html | x_refsource_MISC | |
| http://jvn.jp/en/jp/JVN10377257/index.html | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| appleple inc. | a-blog cms |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.a-blogcms.jp/download/legacy.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN10377257/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-26T15:16:50",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.a-blogcms.jp/download/legacy.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN10377257/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-6033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "a-blog cms",
"version": {
"version_data": [
{
"version_value": "versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x)"
}
]
}
}
]
},
"vendor_name": "appleple inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.a-blogcms.jp/download/legacy.html",
"refsource": "MISC",
"url": "https://developer.a-blogcms.jp/download/legacy.html"
},
{
"name": "http://jvn.jp/en/jp/JVN10377257/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN10377257/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-6033",
"datePublished": "2019-12-26T15:16:50",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:16:24.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-27279
Vulnerability from cvelistv5
Published
2024-03-12 08:19
Modified
2024-10-31 18:12
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with editor or higher privilege who can login to the product may obtain arbitrary files on the server including password files.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.741Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.a-blogcms.jp/blog/news/JVN-48443978.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN48443978/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27279",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-12T20:11:57.193866Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T18:12:32.261Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms Ver.3.1.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.3.1.9 and earlier"
}
]
},
{
"product": "a-blog cms Ver.3.0.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.3.0.30 and earlier"
}
]
},
{
"product": "a-blog cms Ver.2.11.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.2.11.59 and earlier"
}
]
},
{
"product": "a-blog cms Ver.2.10.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.2.10.51 and earlier"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.2.9 and earlier "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with editor or higher privilege who can login to the product may obtain arbitrary files on the server including password files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-12T08:19:48.705Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVN-48443978.html"
},
{
"url": "https://jvn.jp/en/jp/JVN48443978/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-27279",
"datePublished": "2024-03-12T08:19:48.705Z",
"dateReserved": "2024-02-22T02:26:33.074Z",
"dateUpdated": "2024-10-31T18:12:32.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23183
Vulnerability from cvelistv5
Published
2024-01-23 09:39
Modified
2024-08-01 22:59
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute an arbitrary script on the logged-in user's web browser.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:31.779Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN34565930/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms Ver.3.1.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.1.7"
}
]
},
{
"product": "a-blog cms Ver.3.0.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.0.29"
}
]
},
{
"product": "a-blog cms Ver.2.11.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.11.58"
}
]
},
{
"product": "a-blog cms Ver.2.10.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.10.50"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.2.9.0 and earlier "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute an arbitrary script on the logged-in user\u0027s web browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T09:39:05.114Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html"
},
{
"url": "https://jvn.jp/en/jp/JVN34565930/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23183",
"datePublished": "2024-01-23T09:39:05.114Z",
"dateReserved": "2024-01-12T05:24:51.969Z",
"dateUpdated": "2024-08-01T22:59:31.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-6034
Vulnerability from cvelistv5
Published
2019-12-26 15:16
Modified
2024-08-04 20:16
Severity ?
EPSS score ?
Summary
a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows arbitrary scripts to be executed in the context of the application due to unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://developer.a-blogcms.jp/download/legacy.html | x_refsource_MISC | |
| http://jvn.jp/en/jp/JVN10377257/index.html | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| appleple inc. | a-blog cms |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:23.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.a-blogcms.jp/download/legacy.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN10377257/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows arbitrary scripts to be executed in the context of the application due to unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Script injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-26T15:16:50",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.a-blogcms.jp/download/legacy.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN10377257/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-6034",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "a-blog cms",
"version": {
"version_data": [
{
"version_value": "versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x)"
}
]
}
}
]
},
"vendor_name": "appleple inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows arbitrary scripts to be executed in the context of the application due to unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Script injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.a-blogcms.jp/download/legacy.html",
"refsource": "MISC",
"url": "https://developer.a-blogcms.jp/download/legacy.html"
},
{
"name": "http://jvn.jp/en/jp/JVN10377257/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN10377257/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-6034",
"datePublished": "2019-12-26T15:16:50",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:16:23.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-23916
Vulnerability from cvelistv5
Published
2022-02-24 09:50
Modified
2024-08-03 03:59
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-24374.
References
| ▼ | URL | Tags |
|---|---|---|
| https://developer.a-blogcms.jp/blog/news/security-202202.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN14706307/index.html | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| appleple inc. | a-blog cms |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:22.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.a-blogcms.jp/blog/news/security-202202.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN14706307/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-24374."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-24T09:50:30",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.a-blogcms.jp/blog/news/security-202202.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN14706307/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-23916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "a-blog cms",
"version": {
"version_data": [
{
"version_value": "Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1"
}
]
}
}
]
},
"vendor_name": "appleple inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-24374."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.a-blogcms.jp/blog/news/security-202202.html",
"refsource": "MISC",
"url": "https://developer.a-blogcms.jp/blog/news/security-202202.html"
},
{
"name": "https://jvn.jp/en/jp/JVN14706307/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN14706307/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-23916",
"datePublished": "2022-02-24T09:50:30",
"dateReserved": "2022-02-16T00:00:00",
"dateUpdated": "2024-08-03T03:59:22.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23348
Vulnerability from cvelistv5
Published
2024-01-23 09:39
Modified
2024-08-01 22:59
Severity ?
EPSS score ?
Summary
Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary JavaScript code by uploading a specially crafted SVG file.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:32.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN34565930/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms Ver.3.1.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.1.7"
}
]
},
{
"product": "a-blog cms Ver.3.0.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.0.29"
}
]
},
{
"product": "a-blog cms Ver.2.11.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.11.58"
}
]
},
{
"product": "a-blog cms Ver.2.10.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.10.50"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.2.9.0 and earlier "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary JavaScript code by uploading a specially crafted SVG file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper input validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T09:39:14.190Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html"
},
{
"url": "https://jvn.jp/en/jp/JVN34565930/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23348",
"datePublished": "2024-01-23T09:39:14.190Z",
"dateReserved": "2024-01-15T23:36:05.944Z",
"dateUpdated": "2024-08-01T22:59:32.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23180
Vulnerability from cvelistv5
Published
2024-01-23 09:37
Modified
2024-11-13 16:26
Severity ?
EPSS score ?
Summary
Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary code by uploading a specially crafted SVG file.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:31.845Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN34565930/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23180",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-26T16:26:53.058447Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T16:26:19.966Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms Ver.3.1.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.1.7"
}
]
},
{
"product": "a-blog cms Ver.3.0.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.0.29"
}
]
},
{
"product": "a-blog cms Ver.2.11.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.11.58"
}
]
},
{
"product": "a-blog cms Ver.2.10.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.10.50"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.2.9.0 and earlier "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary code by uploading a specially crafted SVG file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper input validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T09:37:22.303Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html"
},
{
"url": "https://jvn.jp/en/jp/JVN34565930/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23180",
"datePublished": "2024-01-23T09:37:22.303Z",
"dateReserved": "2024-01-12T05:24:51.968Z",
"dateUpdated": "2024-11-13T16:26:19.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23182
Vulnerability from cvelistv5
Published
2024-01-23 09:38
Modified
2024-08-01 22:59
Severity ?
EPSS score ?
Summary
Relative path traversal vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to delete arbitrary files on the server.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:32.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN34565930/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms Ver.3.1.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.1.7"
}
]
},
{
"product": "a-blog cms Ver.3.0.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.0.29"
}
]
},
{
"product": "a-blog cms Ver.2.11.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.11.58"
}
]
},
{
"product": "a-blog cms Ver.2.10.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.10.50"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.2.9.0 and earlier "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Relative path traversal vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to delete arbitrary files on the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Relative path traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T09:38:58.906Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html"
},
{
"url": "https://jvn.jp/en/jp/JVN34565930/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23182",
"datePublished": "2024-01-23T09:38:58.906Z",
"dateReserved": "2024-01-12T05:24:51.969Z",
"dateUpdated": "2024-08-01T22:59:32.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23181
Vulnerability from cvelistv5
Published
2024-01-23 09:38
Modified
2024-08-01 22:59
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the logged-in user's web browser.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:32.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN34565930/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms Ver.3.1.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.1.7"
}
]
},
{
"product": "a-blog cms Ver.3.0.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.0.29"
}
]
},
{
"product": "a-blog cms Ver.2.11.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.11.58"
}
]
},
{
"product": "a-blog cms Ver.2.10.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.10.50"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.2.9.0 and earlier "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the logged-in user\u0027s web browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T09:38:08.211Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVN-34565930.html"
},
{
"url": "https://jvn.jp/en/jp/JVN34565930/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23181",
"datePublished": "2024-01-23T09:38:08.211Z",
"dateReserved": "2024-01-12T05:24:51.969Z",
"dateUpdated": "2024-08-01T22:59:32.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-30419
Vulnerability from cvelistv5
Published
2024-05-22 04:35
Modified
2024-08-02 01:32
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with a contributor or higher privilege who can log in to the product may execute an arbitrary script on the web browser of the user who accessed the website using the product.
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "a-blog_cms",
"vendor": "appleple",
"versions": [
{
"lessThan": "3.1.12",
"status": "affected",
"version": "3.1.0",
"versionType": "custom"
},
{
"lessThan": "3.0.32",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
},
{
"lessThan": "2.11.61",
"status": "affected",
"version": "2.11.0",
"versionType": "custom"
},
{
"lessThan": "2.10.53",
"status": "affected",
"version": "2.10.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-30419",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T14:36:51.156737Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T16:16:04.625Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:32:07.430Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.a-blogcms.jp/blog/news/JVN-70977403.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN70977403/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms Ver.3.1.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.1.12"
}
]
},
{
"product": "a-blog cms Ver.3.0.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.0.32"
}
]
},
{
"product": "a-blog cms Ver.2.11.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.11.61"
}
]
},
{
"product": "a-blog cms Ver.2.10.x series",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.10.53"
}
]
},
{
"product": "a-blog cms",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "Ver.2.9 and earlier "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with a contributor or higher privilege who can log in to the product may execute an arbitrary script on the web browser of the user who accessed the website using the product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-22T04:35:09.652Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/JVN-70977403.html"
},
{
"url": "https://jvn.jp/en/jp/JVN70977403/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-30419",
"datePublished": "2024-05-22T04:35:09.652Z",
"dateReserved": "2024-03-27T03:59:36.078Z",
"dateUpdated": "2024-08-02T01:32:07.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}