All the vulnerabilities related to Kajitori Co.,Ltd - Exment
cve-2020-5619
Vulnerability from cvelistv5
Published
2020-08-25 02:20
Modified
2024-08-04 08:39
Severity ?
Summary
Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via unspecified vectors.
References
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:39:23.994Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exment.net/docs/#/weakness/20200819"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN88315581/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Exment",
          "vendor": "Kajitori Co.,Ltd",
          "versions": [
            {
              "status": "affected",
              "version": "prior to v3.6.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-25T02:20:22",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exment.net/docs/#/weakness/20200819"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN88315581/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2020-5619",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Exment",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to v3.6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Kajitori Co.,Ltd"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exment.net/docs/#/weakness/20200819",
              "refsource": "MISC",
              "url": "https://exment.net/docs/#/weakness/20200819"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN88315581/",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN88315581/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2020-5619",
    "datePublished": "2020-08-25T02:20:22",
    "dateReserved": "2020-01-06T00:00:00",
    "dateUpdated": "2024-08-04T08:39:23.994Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-38080
Vulnerability from cvelistv5
Published
2022-08-24 08:41
Modified
2024-08-03 10:45
Severity ?
Summary
Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:45:52.407Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exment.net/docs/#/weakness/20220817"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exment.net/docs/#/release_note?id=v503-20220817"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN46239102/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Exment",
          "vendor": "Kajitori Co.,Ltd",
          "versions": [
            {
              "status": "affected",
              "version": "(PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier,  (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-24T08:41:07",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exment.net/docs/#/weakness/20220817"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exment.net/docs/#/release_note?id=v503-20220817"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN46239102/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2022-38080",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Exment",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "(PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier,  (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Kajitori Co.,Ltd"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exment.net/docs/#/weakness/20220817",
              "refsource": "MISC",
              "url": "https://exment.net/docs/#/weakness/20220817"
            },
            {
              "name": "https://exment.net/docs/#/release_note?id=v503-20220817",
              "refsource": "MISC",
              "url": "https://exment.net/docs/#/release_note?id=v503-20220817"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN46239102/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN46239102/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2022-38080",
    "datePublished": "2022-08-24T08:41:07",
    "dateReserved": "2022-08-19T00:00:00",
    "dateUpdated": "2024-08-03T10:45:52.407Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-47793
Vulnerability from cvelistv5
Published
2024-10-18 06:05
Modified
2024-10-18 16:32
Summary
Stored cross-site scripting vulnerability exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. When accessing the edit screen containing custom columns (column type: images or files), an arbitrary script may be executed on the web browser of the user.
Impacted products
Vendor Product Version
Kajitori Co.,Ltd Exment Version: v6.1.4 and earlier
Kajitori Co.,Ltd Exment Version: v5.0.11 and earlier


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47793",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-18T16:31:44.838925Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-18T16:32:09.295Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Exment",
          "vendor": "Kajitori Co.,Ltd",
          "versions": [
            {
              "status": "affected",
              "version": "v6.1.4 and earlier"
            }
          ]
        },
        {
          "product": "Exment",
          "vendor": "Kajitori Co.,Ltd",
          "versions": [
            {
              "status": "affected",
              "version": "v5.0.11 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Stored cross-site scripting vulnerability exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. When accessing the edit screen containing custom columns (column type: images or files), an arbitrary script may be executed on the web browser of the user."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-site scripting (XSS)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-18T06:05:11.833Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://exment.net/vulnerability-correspondence-version-6-1-5-and-5-0-12-released/"
        },
        {
          "url": "https://exment.net/docs/#/weakness/20241010"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN74538317/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2024-47793",
    "datePublished": "2024-10-18T06:05:11.833Z",
    "dateReserved": "2024-10-03T07:09:45.540Z",
    "dateUpdated": "2024-10-18T16:32:09.295Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-37333
Vulnerability from cvelistv5
Published
2022-08-24 08:40
Modified
2024-08-03 10:29
Severity ?
Summary
SQL injection vulnerability in the Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows remote authenticated attackers to execute arbitrary SQL commands.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:29:20.932Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exment.net/docs/#/weakness/20220817"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exment.net/docs/#/release_note?id=v503-20220817"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN46239102/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Exment",
          "vendor": "Kajitori Co.,Ltd",
          "versions": [
            {
              "status": "affected",
              "version": "(PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier,  (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in the Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows remote authenticated attackers to execute arbitrary SQL commands."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SQL Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-24T08:40:18",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exment.net/docs/#/weakness/20220817"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exment.net/docs/#/release_note?id=v503-20220817"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN46239102/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2022-37333",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Exment",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "(PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier,  (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Kajitori Co.,Ltd"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in the Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows remote authenticated attackers to execute arbitrary SQL commands."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exment.net/docs/#/weakness/20220817",
              "refsource": "MISC",
              "url": "https://exment.net/docs/#/weakness/20220817"
            },
            {
              "name": "https://exment.net/docs/#/release_note?id=v503-20220817",
              "refsource": "MISC",
              "url": "https://exment.net/docs/#/release_note?id=v503-20220817"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN46239102/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN46239102/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2022-37333",
    "datePublished": "2022-08-24T08:40:18",
    "dateReserved": "2022-08-19T00:00:00",
    "dateUpdated": "2024-08-03T10:29:20.932Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-5620
Vulnerability from cvelistv5
Published
2020-08-25 02:20
Modified
2024-08-04 08:39
Severity ?
Summary
Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via a specially crafted file.
References
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:39:25.753Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exment.net/docs/#/weakness/20200819"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN88315581/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Exment",
          "vendor": "Kajitori Co.,Ltd",
          "versions": [
            {
              "status": "affected",
              "version": "prior to v3.6.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via a specially crafted file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-25T02:20:22",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exment.net/docs/#/weakness/20200819"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN88315581/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2020-5620",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Exment",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to v3.6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Kajitori Co.,Ltd"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via a specially crafted file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exment.net/docs/#/weakness/20200819",
              "refsource": "MISC",
              "url": "https://exment.net/docs/#/weakness/20200819"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN88315581/",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN88315581/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2020-5620",
    "datePublished": "2020-08-25T02:20:22",
    "dateReserved": "2020-01-06T00:00:00",
    "dateUpdated": "2024-08-04T08:39:25.753Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-46897
Vulnerability from cvelistv5
Published
2024-10-18 06:03
Modified
2024-10-18 16:32
Summary
Incorrect permission assignment for critical resource issue exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. A logged-in user with the permission of table management may obtain and/or alter the information of the unauthorized table.
Impacted products
Vendor Product Version
Kajitori Co.,Ltd Exment Version: v6.1.4 and earlier
Kajitori Co.,Ltd Exment Version: v5.0.11 and earlier


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46897",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-18T16:32:48.441028Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-18T16:32:55.609Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Exment",
          "vendor": "Kajitori Co.,Ltd",
          "versions": [
            {
              "status": "affected",
              "version": "v6.1.4 and earlier"
            }
          ]
        },
        {
          "product": "Exment",
          "vendor": "Kajitori Co.,Ltd",
          "versions": [
            {
              "status": "affected",
              "version": "v5.0.11 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect permission assignment for critical resource issue exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. A logged-in user with the permission of table management may obtain and/or alter the information of the unauthorized table."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-732",
              "description": "Incorrect permission assignment for critical resource",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-18T06:03:40.573Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://exment.net/vulnerability-correspondence-version-6-1-5-and-5-0-12-released/"
        },
        {
          "url": "https://exment.net/docs/#/weakness/20241010_2"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN74538317/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2024-46897",
    "datePublished": "2024-10-18T06:03:40.573Z",
    "dateReserved": "2024-10-03T07:09:44.720Z",
    "dateUpdated": "2024-10-18T16:32:55.609Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-38089
Vulnerability from cvelistv5
Published
2022-08-24 08:41
Modified
2024-08-03 10:45
Severity ?
Summary
Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:45:52.456Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exment.net/docs/#/weakness/20220817"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exment.net/docs/#/release_note?id=v503-20220817"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN46239102/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Exment",
          "vendor": "Kajitori Co.,Ltd",
          "versions": [
            {
              "status": "affected",
              "version": "(PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier,  (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-24T08:41:29",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exment.net/docs/#/weakness/20220817"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exment.net/docs/#/release_note?id=v503-20220817"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN46239102/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2022-38089",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Exment",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "(PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier,  (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Kajitori Co.,Ltd"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exment.net/docs/#/weakness/20220817",
              "refsource": "MISC",
              "url": "https://exment.net/docs/#/weakness/20220817"
            },
            {
              "name": "https://exment.net/docs/#/release_note?id=v503-20220817",
              "refsource": "MISC",
              "url": "https://exment.net/docs/#/release_note?id=v503-20220817"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN46239102/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN46239102/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2022-38089",
    "datePublished": "2022-08-24T08:41:29",
    "dateReserved": "2022-08-19T00:00:00",
    "dateUpdated": "2024-08-03T10:45:52.456Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

jvndb-2024-000110
Vulnerability from jvndb
Published
2024-10-11 14:13
Modified
2024-10-11 14:13
Severity ?
Summary
Multiple vulnerabilities in Exment
Details
Exment provided by Kajitori Co.,Ltd contains multiple vulnerabilities listed below.
* Incorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2024-46897
* Stored Cross-site Scripting (CWE-79) - CVE-2024-47793

CVE-2024-46897: masataka sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2024-47793: Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Impacted products
Kajitori Co.,Ltd - Exment


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000110.html",
  "dc:date": "2024-10-11T14:13+09:00",
  "dcterms:issued": "2024-10-11T14:13+09:00",
  "dcterms:modified": "2024-10-11T14:13+09:00",
  "description": "Exment provided by Kajitori Co.,Ltd contains multiple vulnerabilities listed below.\r\n\u003cul\u003e\u003cli\u003eIncorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2024-46897\u003c/li\u003e\r\n\u003cli\u003eStored Cross-site Scripting (CWE-79) - CVE-2024-47793\u003c/li\u003e\u003c/ul\u003e\r\nCVE-2024-46897\r\nmasataka sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-47793\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000110.html",
  "sec:cpe": {
    "#text": "cpe:/a:exceedone:exment",
    "@product": "Exment",
    "@vendor": "Kajitori Co.,Ltd",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "3.8",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2024-000110",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN74538317/index.html",
      "@id": "JVN#74538317",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-46897",
      "@id": "CVE-2024-46897",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-47793",
      "@id": "CVE-2024-47793",
      "@source": "CVE"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in Exment"
}

jvndb-2020-000054
Vulnerability from jvndb
Published
2020-08-21 14:34
Modified
2020-08-21 14:34
Severity ?
Summary
Multiple cross-site scripting vulnerabilities in Exment
Details
Exment provided by Kajitori Co.,Ltd contains multiple cross-site scripting vulnerabilities listed below.
* Stored cross-site scripting vulnerability in some input fields (CWE-79) - CVE-2020-5619
* Stored cross-site scripting vulnerability in upload files (CWE-79) - CVE-2020-5620

Ryoya Koyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Impacted products
Kajitori Co.,Ltd - Exment


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000054.html",
  "dc:date": "2020-08-21T14:34+09:00",
  "dcterms:issued": "2020-08-21T14:34+09:00",
  "dcterms:modified": "2020-08-21T14:34+09:00",
  "description": "Exment provided by Kajitori Co.,Ltd contains multiple cross-site scripting vulnerabilities listed below. \r\n* Stored cross-site scripting vulnerability in some input fields (CWE-79) - CVE-2020-5619\r\n* Stored cross-site scripting vulnerability in upload files (CWE-79) - CVE-2020-5620 \r\n\r\nRyoya Koyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000054.html",
  "sec:cpe": {
    "#text": "cpe:/a:exceedone:exment",
    "@product": "Exment",
    "@vendor": "Kajitori Co.,Ltd",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "3.5",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "5.4",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2020-000054",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN88315581/index.html",
      "@id": "JVN#88315581",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5619",
      "@id": "CVE-2020-5619",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5620",
      "@id": "CVE-2020-5620",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5619",
      "@id": "CVE-2020-5619",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5620",
      "@id": "CVE-2020-5620",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Multiple cross-site scripting vulnerabilities in Exment"
}