Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
17 vulnerabilities by Kajitori Co.,Ltd
CVE-2024-47793 (GCVE-0-2024-47793)
Vulnerability from nvd – Published: 2024-10-18 06:05 – Updated: 2024-10-18 16:32
VLAI
EPSS
VEX
Summary
Stored cross-site scripting vulnerability exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. When accessing the edit screen containing custom columns (column type: images or files), an arbitrary script may be executed on the web browser of the user.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Cross-site scripting (XSS)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Kajitori Co.,Ltd | Exment |
Affected:
v6.1.4 and earlier
|
|
| Kajitori Co.,Ltd | Exment |
Affected:
v5.0.11 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47793",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-18T16:31:44.838925Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T16:32:09.295Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Exment",
"vendor": "Kajitori Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "v6.1.4 and earlier"
}
]
},
{
"product": "Exment",
"vendor": "Kajitori Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "v5.0.11 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting vulnerability exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. When accessing the edit screen containing custom columns (column type: images or files), an arbitrary script may be executed on the web browser of the user."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T06:05:11.833Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://exment.net/vulnerability-correspondence-version-6-1-5-and-5-0-12-released/"
},
{
"url": "https://exment.net/docs/#/weakness/20241010"
},
{
"url": "https://jvn.jp/en/jp/JVN74538317/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-47793",
"datePublished": "2024-10-18T06:05:11.833Z",
"dateReserved": "2024-10-03T07:09:45.540Z",
"dateUpdated": "2024-10-18T16:32:09.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46897 (GCVE-0-2024-46897)
Vulnerability from nvd – Published: 2024-10-18 06:03 – Updated: 2024-10-18 16:32
VLAI
EPSS
VEX
Summary
Incorrect permission assignment for critical resource issue exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. A logged-in user with the permission of table management may obtain and/or alter the information of the unauthorized table.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-732 - Incorrect permission assignment for critical resource
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Kajitori Co.,Ltd | Exment |
Affected:
v6.1.4 and earlier
|
|
| Kajitori Co.,Ltd | Exment |
Affected:
v5.0.11 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46897",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-18T16:32:48.441028Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T16:32:55.609Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Exment",
"vendor": "Kajitori Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "v6.1.4 and earlier"
}
]
},
{
"product": "Exment",
"vendor": "Kajitori Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "v5.0.11 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect permission assignment for critical resource issue exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. A logged-in user with the permission of table management may obtain and/or alter the information of the unauthorized table."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "Incorrect permission assignment for critical resource",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T06:03:40.573Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://exment.net/vulnerability-correspondence-version-6-1-5-and-5-0-12-released/"
},
{
"url": "https://exment.net/docs/#/weakness/20241010_2"
},
{
"url": "https://jvn.jp/en/jp/JVN74538317/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-46897",
"datePublished": "2024-10-18T06:03:40.573Z",
"dateReserved": "2024-10-03T07:09:44.720Z",
"dateUpdated": "2024-10-18T16:32:55.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38089 (GCVE-0-2022-38089)
Vulnerability from nvd – Published: 2022-08-24 08:41 – Updated: 2024-08-03 10:45
VLAI
EPSS
VEX
Summary
Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://exment.net/docs/#/weakness/20220817 | x_refsource_MISC |
| https://exment.net/docs/#/release_note?id=v503-20220817 | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN46239102/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kajitori Co.,Ltd | Exment |
Affected:
(PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:45:52.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exment.net/docs/#/weakness/20220817"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exment.net/docs/#/release_note?id=v503-20220817"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN46239102/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Exment",
"vendor": "Kajitori Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "(PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-24T08:41:29.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exment.net/docs/#/weakness/20220817"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exment.net/docs/#/release_note?id=v503-20220817"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN46239102/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-38089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Exment",
"version": {
"version_data": [
{
"version_value": "(PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier"
}
]
}
}
]
},
"vendor_name": "Kajitori Co.,Ltd"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exment.net/docs/#/weakness/20220817",
"refsource": "MISC",
"url": "https://exment.net/docs/#/weakness/20220817"
},
{
"name": "https://exment.net/docs/#/release_note?id=v503-20220817",
"refsource": "MISC",
"url": "https://exment.net/docs/#/release_note?id=v503-20220817"
},
{
"name": "https://jvn.jp/en/jp/JVN46239102/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN46239102/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-38089",
"datePublished": "2022-08-24T08:41:29.000Z",
"dateReserved": "2022-08-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:45:52.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38080 (GCVE-0-2022-38080)
Vulnerability from nvd – Published: 2022-08-24 08:41 – Updated: 2024-08-03 10:45
VLAI
EPSS
VEX
Summary
Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://exment.net/docs/#/weakness/20220817 | x_refsource_MISC |
| https://exment.net/docs/#/release_note?id=v503-20220817 | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN46239102/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kajitori Co.,Ltd | Exment |
Affected:
(PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:45:52.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exment.net/docs/#/weakness/20220817"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exment.net/docs/#/release_note?id=v503-20220817"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN46239102/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Exment",
"vendor": "Kajitori Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "(PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-24T08:41:07.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exment.net/docs/#/weakness/20220817"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exment.net/docs/#/release_note?id=v503-20220817"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN46239102/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-38080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Exment",
"version": {
"version_data": [
{
"version_value": "(PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier"
}
]
}
}
]
},
"vendor_name": "Kajitori Co.,Ltd"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exment.net/docs/#/weakness/20220817",
"refsource": "MISC",
"url": "https://exment.net/docs/#/weakness/20220817"
},
{
"name": "https://exment.net/docs/#/release_note?id=v503-20220817",
"refsource": "MISC",
"url": "https://exment.net/docs/#/release_note?id=v503-20220817"
},
{
"name": "https://jvn.jp/en/jp/JVN46239102/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN46239102/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-38080",
"datePublished": "2022-08-24T08:41:07.000Z",
"dateReserved": "2022-08-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:45:52.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37333 (GCVE-0-2022-37333)
Vulnerability from nvd – Published: 2022-08-24 08:40 – Updated: 2024-08-03 10:29
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in the Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows remote authenticated attackers to execute arbitrary SQL commands.
Severity
No CVSS data available.
CWE
- SQL Injection
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://exment.net/docs/#/weakness/20220817 | x_refsource_MISC |
| https://exment.net/docs/#/release_note?id=v503-20220817 | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN46239102/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kajitori Co.,Ltd | Exment |
Affected:
(PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:20.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exment.net/docs/#/weakness/20220817"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exment.net/docs/#/release_note?id=v503-20220817"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN46239102/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Exment",
"vendor": "Kajitori Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "(PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows remote authenticated attackers to execute arbitrary SQL commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-24T08:40:18.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exment.net/docs/#/weakness/20220817"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exment.net/docs/#/release_note?id=v503-20220817"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN46239102/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-37333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Exment",
"version": {
"version_data": [
{
"version_value": "(PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier"
}
]
}
}
]
},
"vendor_name": "Kajitori Co.,Ltd"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows remote authenticated attackers to execute arbitrary SQL commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exment.net/docs/#/weakness/20220817",
"refsource": "MISC",
"url": "https://exment.net/docs/#/weakness/20220817"
},
{
"name": "https://exment.net/docs/#/release_note?id=v503-20220817",
"refsource": "MISC",
"url": "https://exment.net/docs/#/release_note?id=v503-20220817"
},
{
"name": "https://jvn.jp/en/jp/JVN46239102/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN46239102/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-37333",
"datePublished": "2022-08-24T08:40:18.000Z",
"dateReserved": "2022-08-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:29:20.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5620 (GCVE-0-2020-5620)
Vulnerability from nvd – Published: 2020-08-25 02:20 – Updated: 2024-08-04 08:39
VLAI
EPSS
VEX
Summary
Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via a specially crafted file.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://exment.net/docs/#/weakness/20200819 | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN88315581/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kajitori Co.,Ltd | Exment |
Affected:
prior to v3.6.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.753Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exment.net/docs/#/weakness/20200819"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN88315581/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Exment",
"vendor": "Kajitori Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "prior to v3.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via a specially crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-25T02:20:22.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exment.net/docs/#/weakness/20200819"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN88315581/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5620",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Exment",
"version": {
"version_data": [
{
"version_value": "prior to v3.6.0"
}
]
}
}
]
},
"vendor_name": "Kajitori Co.,Ltd"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via a specially crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exment.net/docs/#/weakness/20200819",
"refsource": "MISC",
"url": "https://exment.net/docs/#/weakness/20200819"
},
{
"name": "https://jvn.jp/en/jp/JVN88315581/",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN88315581/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5620",
"datePublished": "2020-08-25T02:20:22.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:25.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5619 (GCVE-0-2020-5619)
Vulnerability from nvd – Published: 2020-08-25 02:20 – Updated: 2024-08-04 08:39
VLAI
EPSS
VEX
Summary
Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://exment.net/docs/#/weakness/20200819 | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN88315581/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kajitori Co.,Ltd | Exment |
Affected:
prior to v3.6.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:23.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exment.net/docs/#/weakness/20200819"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN88315581/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Exment",
"vendor": "Kajitori Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "prior to v3.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-25T02:20:22.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exment.net/docs/#/weakness/20200819"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN88315581/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5619",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Exment",
"version": {
"version_data": [
{
"version_value": "prior to v3.6.0"
}
]
}
}
]
},
"vendor_name": "Kajitori Co.,Ltd"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exment.net/docs/#/weakness/20200819",
"refsource": "MISC",
"url": "https://exment.net/docs/#/weakness/20200819"
},
{
"name": "https://jvn.jp/en/jp/JVN88315581/",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN88315581/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5619",
"datePublished": "2020-08-25T02:20:22.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:23.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47793 (GCVE-0-2024-47793)
Vulnerability from cvelistv5 – Published: 2024-10-18 06:05 – Updated: 2024-10-18 16:32
VLAI
EPSS
VEX
Summary
Stored cross-site scripting vulnerability exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. When accessing the edit screen containing custom columns (column type: images or files), an arbitrary script may be executed on the web browser of the user.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Cross-site scripting (XSS)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Kajitori Co.,Ltd | Exment |
Affected:
v6.1.4 and earlier
|
|
| Kajitori Co.,Ltd | Exment |
Affected:
v5.0.11 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47793",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-18T16:31:44.838925Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T16:32:09.295Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Exment",
"vendor": "Kajitori Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "v6.1.4 and earlier"
}
]
},
{
"product": "Exment",
"vendor": "Kajitori Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "v5.0.11 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting vulnerability exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. When accessing the edit screen containing custom columns (column type: images or files), an arbitrary script may be executed on the web browser of the user."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T06:05:11.833Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://exment.net/vulnerability-correspondence-version-6-1-5-and-5-0-12-released/"
},
{
"url": "https://exment.net/docs/#/weakness/20241010"
},
{
"url": "https://jvn.jp/en/jp/JVN74538317/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-47793",
"datePublished": "2024-10-18T06:05:11.833Z",
"dateReserved": "2024-10-03T07:09:45.540Z",
"dateUpdated": "2024-10-18T16:32:09.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46897 (GCVE-0-2024-46897)
Vulnerability from cvelistv5 – Published: 2024-10-18 06:03 – Updated: 2024-10-18 16:32
VLAI
EPSS
VEX
Summary
Incorrect permission assignment for critical resource issue exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. A logged-in user with the permission of table management may obtain and/or alter the information of the unauthorized table.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-732 - Incorrect permission assignment for critical resource
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Kajitori Co.,Ltd | Exment |
Affected:
v6.1.4 and earlier
|
|
| Kajitori Co.,Ltd | Exment |
Affected:
v5.0.11 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46897",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-18T16:32:48.441028Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T16:32:55.609Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Exment",
"vendor": "Kajitori Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "v6.1.4 and earlier"
}
]
},
{
"product": "Exment",
"vendor": "Kajitori Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "v5.0.11 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect permission assignment for critical resource issue exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. A logged-in user with the permission of table management may obtain and/or alter the information of the unauthorized table."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "Incorrect permission assignment for critical resource",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T06:03:40.573Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://exment.net/vulnerability-correspondence-version-6-1-5-and-5-0-12-released/"
},
{
"url": "https://exment.net/docs/#/weakness/20241010_2"
},
{
"url": "https://jvn.jp/en/jp/JVN74538317/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-46897",
"datePublished": "2024-10-18T06:03:40.573Z",
"dateReserved": "2024-10-03T07:09:44.720Z",
"dateUpdated": "2024-10-18T16:32:55.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38089 (GCVE-0-2022-38089)
Vulnerability from cvelistv5 – Published: 2022-08-24 08:41 – Updated: 2024-08-03 10:45
VLAI
EPSS
VEX
Summary
Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://exment.net/docs/#/weakness/20220817 | x_refsource_MISC |
| https://exment.net/docs/#/release_note?id=v503-20220817 | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN46239102/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kajitori Co.,Ltd | Exment |
Affected:
(PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:45:52.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exment.net/docs/#/weakness/20220817"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exment.net/docs/#/release_note?id=v503-20220817"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN46239102/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Exment",
"vendor": "Kajitori Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "(PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-24T08:41:29.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exment.net/docs/#/weakness/20220817"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exment.net/docs/#/release_note?id=v503-20220817"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN46239102/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-38089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Exment",
"version": {
"version_data": [
{
"version_value": "(PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier"
}
]
}
}
]
},
"vendor_name": "Kajitori Co.,Ltd"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exment.net/docs/#/weakness/20220817",
"refsource": "MISC",
"url": "https://exment.net/docs/#/weakness/20220817"
},
{
"name": "https://exment.net/docs/#/release_note?id=v503-20220817",
"refsource": "MISC",
"url": "https://exment.net/docs/#/release_note?id=v503-20220817"
},
{
"name": "https://jvn.jp/en/jp/JVN46239102/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN46239102/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-38089",
"datePublished": "2022-08-24T08:41:29.000Z",
"dateReserved": "2022-08-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:45:52.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38080 (GCVE-0-2022-38080)
Vulnerability from cvelistv5 – Published: 2022-08-24 08:41 – Updated: 2024-08-03 10:45
VLAI
EPSS
VEX
Summary
Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://exment.net/docs/#/weakness/20220817 | x_refsource_MISC |
| https://exment.net/docs/#/release_note?id=v503-20220817 | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN46239102/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kajitori Co.,Ltd | Exment |
Affected:
(PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:45:52.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exment.net/docs/#/weakness/20220817"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exment.net/docs/#/release_note?id=v503-20220817"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN46239102/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Exment",
"vendor": "Kajitori Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "(PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-24T08:41:07.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exment.net/docs/#/weakness/20220817"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exment.net/docs/#/release_note?id=v503-20220817"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN46239102/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-38080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Exment",
"version": {
"version_data": [
{
"version_value": "(PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier"
}
]
}
}
]
},
"vendor_name": "Kajitori Co.,Ltd"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exment.net/docs/#/weakness/20220817",
"refsource": "MISC",
"url": "https://exment.net/docs/#/weakness/20220817"
},
{
"name": "https://exment.net/docs/#/release_note?id=v503-20220817",
"refsource": "MISC",
"url": "https://exment.net/docs/#/release_note?id=v503-20220817"
},
{
"name": "https://jvn.jp/en/jp/JVN46239102/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN46239102/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-38080",
"datePublished": "2022-08-24T08:41:07.000Z",
"dateReserved": "2022-08-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:45:52.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37333 (GCVE-0-2022-37333)
Vulnerability from cvelistv5 – Published: 2022-08-24 08:40 – Updated: 2024-08-03 10:29
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in the Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows remote authenticated attackers to execute arbitrary SQL commands.
Severity
No CVSS data available.
CWE
- SQL Injection
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://exment.net/docs/#/weakness/20220817 | x_refsource_MISC |
| https://exment.net/docs/#/release_note?id=v503-20220817 | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN46239102/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kajitori Co.,Ltd | Exment |
Affected:
(PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:20.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exment.net/docs/#/weakness/20220817"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exment.net/docs/#/release_note?id=v503-20220817"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN46239102/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Exment",
"vendor": "Kajitori Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "(PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows remote authenticated attackers to execute arbitrary SQL commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-24T08:40:18.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exment.net/docs/#/weakness/20220817"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exment.net/docs/#/release_note?id=v503-20220817"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN46239102/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-37333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Exment",
"version": {
"version_data": [
{
"version_value": "(PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier"
}
]
}
}
]
},
"vendor_name": "Kajitori Co.,Ltd"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows remote authenticated attackers to execute arbitrary SQL commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exment.net/docs/#/weakness/20220817",
"refsource": "MISC",
"url": "https://exment.net/docs/#/weakness/20220817"
},
{
"name": "https://exment.net/docs/#/release_note?id=v503-20220817",
"refsource": "MISC",
"url": "https://exment.net/docs/#/release_note?id=v503-20220817"
},
{
"name": "https://jvn.jp/en/jp/JVN46239102/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN46239102/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-37333",
"datePublished": "2022-08-24T08:40:18.000Z",
"dateReserved": "2022-08-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:29:20.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5620 (GCVE-0-2020-5620)
Vulnerability from cvelistv5 – Published: 2020-08-25 02:20 – Updated: 2024-08-04 08:39
VLAI
EPSS
VEX
Summary
Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via a specially crafted file.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://exment.net/docs/#/weakness/20200819 | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN88315581/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kajitori Co.,Ltd | Exment |
Affected:
prior to v3.6.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.753Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exment.net/docs/#/weakness/20200819"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN88315581/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Exment",
"vendor": "Kajitori Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "prior to v3.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via a specially crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-25T02:20:22.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exment.net/docs/#/weakness/20200819"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN88315581/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5620",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Exment",
"version": {
"version_data": [
{
"version_value": "prior to v3.6.0"
}
]
}
}
]
},
"vendor_name": "Kajitori Co.,Ltd"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via a specially crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exment.net/docs/#/weakness/20200819",
"refsource": "MISC",
"url": "https://exment.net/docs/#/weakness/20200819"
},
{
"name": "https://jvn.jp/en/jp/JVN88315581/",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN88315581/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5620",
"datePublished": "2020-08-25T02:20:22.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:25.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5619 (GCVE-0-2020-5619)
Vulnerability from cvelistv5 – Published: 2020-08-25 02:20 – Updated: 2024-08-04 08:39
VLAI
EPSS
VEX
Summary
Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://exment.net/docs/#/weakness/20200819 | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN88315581/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kajitori Co.,Ltd | Exment |
Affected:
prior to v3.6.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:23.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exment.net/docs/#/weakness/20200819"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN88315581/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Exment",
"vendor": "Kajitori Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "prior to v3.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-25T02:20:22.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exment.net/docs/#/weakness/20200819"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN88315581/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5619",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Exment",
"version": {
"version_data": [
{
"version_value": "prior to v3.6.0"
}
]
}
}
]
},
"vendor_name": "Kajitori Co.,Ltd"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exment.net/docs/#/weakness/20200819",
"refsource": "MISC",
"url": "https://exment.net/docs/#/weakness/20200819"
},
{
"name": "https://jvn.jp/en/jp/JVN88315581/",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN88315581/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5619",
"datePublished": "2020-08-25T02:20:22.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:23.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2024-000110
Vulnerability from jvndb - Published: 2024-10-11 14:13 - Updated:2024-10-11 14:13
Severity
Summary
Multiple vulnerabilities in Exment
Details
Exment provided by Kajitori Co.,Ltd contains multiple vulnerabilities listed below.
- Incorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2024-46897
- Stored Cross-site Scripting (CWE-79) - CVE-2024-47793
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000110.html",
"dc:date": "2024-10-11T14:13+09:00",
"dcterms:issued": "2024-10-11T14:13+09:00",
"dcterms:modified": "2024-10-11T14:13+09:00",
"description": "Exment provided by Kajitori Co.,Ltd contains multiple vulnerabilities listed below.\r\n\u003cul\u003e\u003cli\u003eIncorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2024-46897\u003c/li\u003e\r\n\u003cli\u003eStored Cross-site Scripting (CWE-79) - CVE-2024-47793\u003c/li\u003e\u003c/ul\u003e\r\nCVE-2024-46897\r\nmasataka sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-47793\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000110.html",
"sec:cpe": {
"#text": "cpe:/a:exceedone:exment",
"@product": "Exment",
"@vendor": "Kajitori Co.,Ltd",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000110",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN74538317/index.html",
"@id": "JVN#74538317",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-46897",
"@id": "CVE-2024-46897",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-47793",
"@id": "CVE-2024-47793",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in Exment"
}
JVNDB-2022-000065
Vulnerability from jvndb - Published: 2022-08-24 14:23 - Updated:2024-06-14 11:09
Severity
Summary
Multiple vulnerabilities in Exment
Details
Exment provided by Kajitori Co.,Ltd contains multiple vulnerabilities listed below.
* Reflected cross-site scripting (CWE-79) - CVE-2022-38080
* SQL injection (CWE-89) - CVE-2022-37333
* Stored cross-site scripting (CWE-79) - CVE-2022-38089
CVE-2022-38080, CVE-2022-37333
Hibiki Moriyama of STNet, Incorporated reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2022-38089
Yuya Chudo of N.F.Laboratories Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000065.html",
"dc:date": "2024-06-14T11:09+09:00",
"dcterms:issued": "2022-08-24T14:23+09:00",
"dcterms:modified": "2024-06-14T11:09+09:00",
"description": "Exment provided by Kajitori Co.,Ltd contains multiple vulnerabilities listed below.\r\n * Reflected cross-site scripting (CWE-79) - CVE-2022-38080\r\n * SQL injection (CWE-89) - CVE-2022-37333\r\n * Stored cross-site scripting (CWE-79) - CVE-2022-38089\r\n\r\nCVE-2022-38080, CVE-2022-37333\r\nHibiki Moriyama of STNet, Incorporated reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2022-38089\r\nYuya Chudo of N.F.Laboratories Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000065.html",
"sec:cpe": [
{
"#text": "cpe:/a:exceedone:kajitori_exceedone_exment",
"@product": "exceedone/exment",
"@vendor": "Kajitori Co.,Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:exceedone:laravel-admin",
"@product": "exceedone/laravel-admin",
"@vendor": "Kajitori Co.,Ltd",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000065",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN46239102/index.html",
"@id": "JVN#46239102",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-38080",
"@id": "CVE-2022-38080",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-37333",
"@id": "CVE-2022-37333",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-38089",
"@id": "CVE-2022-38089",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-37333",
"@id": "CVE-2022-37333",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-38080",
"@id": "CVE-2022-38080",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-38089",
"@id": "CVE-2022-38089",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
}
],
"title": "Multiple vulnerabilities in Exment"
}
JVNDB-2020-000054
Vulnerability from jvndb - Published: 2020-08-21 14:34 - Updated:2020-08-21 14:34
Severity
Summary
Multiple cross-site scripting vulnerabilities in Exment
Details
Exment provided by Kajitori Co.,Ltd contains multiple cross-site scripting vulnerabilities listed below.
* Stored cross-site scripting vulnerability in some input fields (CWE-79) - CVE-2020-5619
* Stored cross-site scripting vulnerability in upload files (CWE-79) - CVE-2020-5620
Ryoya Koyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000054.html",
"dc:date": "2020-08-21T14:34+09:00",
"dcterms:issued": "2020-08-21T14:34+09:00",
"dcterms:modified": "2020-08-21T14:34+09:00",
"description": "Exment provided by Kajitori Co.,Ltd contains multiple cross-site scripting vulnerabilities listed below. \r\n* Stored cross-site scripting vulnerability in some input fields (CWE-79) - CVE-2020-5619\r\n* Stored cross-site scripting vulnerability in upload files (CWE-79) - CVE-2020-5620 \r\n\r\nRyoya Koyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000054.html",
"sec:cpe": {
"#text": "cpe:/a:exceedone:exment",
"@product": "Exment",
"@vendor": "Kajitori Co.,Ltd",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2020-000054",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN88315581/index.html",
"@id": "JVN#88315581",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5619",
"@id": "CVE-2020-5619",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5620",
"@id": "CVE-2020-5620",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5619",
"@id": "CVE-2020-5619",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5620",
"@id": "CVE-2020-5620",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple cross-site scripting vulnerabilities in Exment"
}