Vulnerability-Lookup

Search criteria ⓘ Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

Full-Text Search

Vendor

Product

Assigner

Sources

Sort by

Order

Apply ordering (override relevance)

JVNDB-2017-000003

Vulnerability from jvndb - Published: 2017-01-06 14:02 - Updated:2017-06-01 15:58

Severity

6.1 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

Olive Diary DX vulnerable to cross-site scripting

Details

Olive Diary DX provided by Olive Design contains a cross-site scripting vulnerability (CWE-79) due to a flaw in processing the page parameter.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN71538099/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7841
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-7841
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

OliveDesign

Olive Diary DX

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000003.html",
  "dc:date": "2017-06-01T15:58+09:00",
  "dcterms:issued": "2017-01-06T14:02+09:00",
  "dcterms:modified": "2017-06-01T15:58+09:00",
  "description": "Olive Diary DX provided by Olive Design contains a cross-site scripting vulnerability (CWE-79) due to a flaw in processing the page parameter.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000003.html",
  "sec:cpe": {
    "#text": "cpe:/a:olive_design:olive_diary_dx",
    "@product": "Olive Diary DX",
    "@vendor": "OliveDesign",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "6.1",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000003",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN71538099/index.html",
      "@id": "JVN#71538099",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7841",
      "@id": "CVE-2016-7841",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-7841",
      "@id": "CVE-2016-7841",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Olive Diary DX vulnerable to cross-site scripting"
}

JVNDB-2017-000002

Vulnerability from jvndb - Published: 2017-01-06 14:01 - Updated:2017-06-01 15:58

Severity

6.1 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

WEB SCHEDULE vulnerable to cross-site scripting

Details

WEB SCHEDULE provided by Olive Design contains a cross-site scripting vulnerability (CWE-79) due to a flaw in processing the month parameter.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN12124922/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7840
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-7840
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

OliveDesign

WEB SCHEDULE

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000002.html",
  "dc:date": "2017-06-01T15:58+09:00",
  "dcterms:issued": "2017-01-06T14:01+09:00",
  "dcterms:modified": "2017-06-01T15:58+09:00",
  "description": "WEB SCHEDULE provided by Olive Design contains a cross-site scripting vulnerability (CWE-79) due to a flaw in processing the month parameter.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000002.html",
  "sec:cpe": {
    "#text": "cpe:/a:olive_design:web_schedule",
    "@product": "WEB SCHEDULE",
    "@vendor": "OliveDesign",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "6.1",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000002",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN12124922/index.html",
      "@id": "JVN#12124922",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7840",
      "@id": "CVE-2016-7840",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-7840",
      "@id": "CVE-2016-7840",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "WEB SCHEDULE vulnerable to cross-site scripting"
}

JVNDB-2017-000001

Vulnerability from jvndb - Published: 2017-01-06 13:56 - Updated:2017-06-01 15:58

Severity

6.1 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

Olive Blog vulnerable to cross-site scripting

Details

Olive Blog provided by Olive Design contains a cross-site scripting vulnerability (CWE-79) due to a flaw in processing the search parameter. Ueki Shuya reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN60879379/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7839
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-7839
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

OliveDesign

Olive Blog

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000001.html",
  "dc:date": "2017-06-01T15:58+09:00",
  "dcterms:issued": "2017-01-06T13:56+09:00",
  "dcterms:modified": "2017-06-01T15:58+09:00",
  "description": "Olive Blog provided by Olive Design contains a cross-site scripting vulnerability (CWE-79) due to a flaw in processing the search parameter.\r\n\r\nUeki Shuya reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000001.html",
  "sec:cpe": {
    "#text": "cpe:/a:olive_design:olive_blog",
    "@product": "Olive Blog",
    "@vendor": "OliveDesign",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "6.1",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000001",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN60879379/index.html",
      "@id": "JVN#60879379",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7839",
      "@id": "CVE-2016-7839",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-7839",
      "@id": "CVE-2016-7839",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Olive Blog vulnerable to cross-site scripting"
}

JVNDB-2016-000209

Vulnerability from jvndb - Published: 2016-10-20 14:22 - Updated:2018-01-17 12:10

Severity

4.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Summary

Cross-site request forgery vulnerability in WordPress plugin WP-OliveCart

Details

WP-OliveCart provided by Olive Design is a WordPress plugin to construct a shopping site. WP-OliveCart contains cross-site request forgery vulnerability. Gen Sato of TRADE WORKS Co.,Ltd Security Dept. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN14567604/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4904
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-4904
	Cross-Site Request Forgery(CWE-352)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	OliveDesign	WP-OliveCart
	OliveDesign	WP-OliveCartPro

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000209.html",
  "dc:date": "2018-01-17T12:10+09:00",
  "dcterms:issued": "2016-10-20T14:22+09:00",
  "dcterms:modified": "2018-01-17T12:10+09:00",
  "description": "WP-OliveCart provided by Olive Design is a WordPress plugin to construct a shopping site. WP-OliveCart contains cross-site request forgery vulnerability.\r\n\r\nGen Sato of TRADE WORKS Co.,Ltd Security Dept. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000209.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:olive_design:olivedesign_wp-olivecart",
      "@product": "WP-OliveCart",
      "@vendor": "OliveDesign",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:olive_design:olivedesign_wp-olivecart_pro",
      "@product": "WP-OliveCartPro",
      "@vendor": "OliveDesign",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "2.6",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000209",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN14567604/index.html",
      "@id": "JVN#14567604",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4904",
      "@id": "CVE-2016-4904",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4904",
      "@id": "CVE-2016-4904",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-352",
      "@title": "Cross-Site Request Forgery(CWE-352)"
    }
  ],
  "title": "Cross-site request forgery vulnerability in WordPress plugin WP-OliveCart"
}

JVNDB-2016-000210

Vulnerability from jvndb - Published: 2016-10-20 14:22 - Updated:2018-01-17 12:10

Severity

4.7 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Summary

SQL injection vulnerability in WordPress plugin WP-OliveCart

Details

WP-OliveCart provided by Olive Design is a WordPress plugin to construct a shopping site. WP-OliveCart contains an SQL injection vulnerability. Gen Sato of TRADE WORKS Co.,Ltd Security Dept. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN14567604/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4905
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-4905
	SQL Injection(CWE-89)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	OliveDesign	WP-OliveCart
	OliveDesign	WP-OliveCartPro

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000210.html",
  "dc:date": "2018-01-17T12:10+09:00",
  "dcterms:issued": "2016-10-20T14:22+09:00",
  "dcterms:modified": "2018-01-17T12:10+09:00",
  "description": "WP-OliveCart provided by Olive Design is a WordPress plugin to construct a shopping site. WP-OliveCart contains an SQL injection vulnerability.\r\n\r\nGen Sato of TRADE WORKS Co.,Ltd Security Dept. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000210.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:olive_design:olivedesign_wp-olivecart",
      "@product": "WP-OliveCart",
      "@vendor": "OliveDesign",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:olive_design:olivedesign_wp-olivecart_pro",
      "@product": "WP-OliveCartPro",
      "@vendor": "OliveDesign",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "6.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "4.7",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000210",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN14567604/index.html",
      "@id": "JVN#14567604",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4905",
      "@id": "CVE-2016-4905",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4905",
      "@id": "CVE-2016-4905",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-89",
      "@title": "SQL Injection(CWE-89)"
    }
  ],
  "title": "SQL injection vulnerability in WordPress plugin WP-OliveCart"
}

JVNDB-2016-000208

Vulnerability from jvndb - Published: 2016-10-20 14:22 - Updated:2018-01-17 12:10

Severity

6.1 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

Cross-site scripting vulnerability in WordPress plugin WP-OliveCart

Details

WP-OliveCart provided by Olive Design is a WordPress plugin to construct a shopping site. WP-OliveCart contains cross-site scripting vulnerability. Gen Sato of TRADE WORKS Co.,Ltd Security Dept. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN14567604/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4903
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-4903
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	OliveDesign	WP-OliveCart
	OliveDesign	WP-OliveCartPro

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000208.html",
  "dc:date": "2018-01-17T12:10+09:00",
  "dcterms:issued": "2016-10-20T14:22+09:00",
  "dcterms:modified": "2018-01-17T12:10+09:00",
  "description": "WP-OliveCart provided by Olive Design is a WordPress plugin to construct a shopping site. WP-OliveCart contains cross-site scripting vulnerability.\r\n\r\nGen Sato of TRADE WORKS Co.,Ltd Security Dept. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000208.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:olive_design:olivedesign_wp-olivecart",
      "@product": "WP-OliveCart",
      "@vendor": "OliveDesign",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:olive_design:olivedesign_wp-olivecart_pro",
      "@product": "WP-OliveCartPro",
      "@vendor": "OliveDesign",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "6.1",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000208",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN14567604/index.html",
      "@id": "JVN#14567604",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4903",
      "@id": "CVE-2016-4903",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4903",
      "@id": "CVE-2016-4903",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Cross-site scripting vulnerability in WordPress plugin WP-OliveCart"
}

Find a vulnerability

Search criteria ⓘ Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

6 vulnerabilities by OliveDesign

JVNDB-2017-000003

JVNDB-2017-000002

JVNDB-2017-000001

JVNDB-2016-000209

JVNDB-2016-000210

JVNDB-2016-000208

Find a vulnerability

Search criteria ⓘ Use this form to refine search results. Full-text search supports keyword queries with ranking and filtering. You can combine vendor, product, and sources to narrow results. Enable “Apply ordering” to sort by date instead of relevance.

6 vulnerabilities by OliveDesign

JVNDB-2017-000003

JVNDB-2017-000002

JVNDB-2017-000001

JVNDB-2016-000209

JVNDB-2016-000210

JVNDB-2016-000208

Search criteria ⓘ Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.