Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
9 vulnerabilities by WBCE Team
CVE-2017-2120 (GCVE-0-2017-2120)
Vulnerability from nvd – Published: 2017-04-28 16:00 – Updated: 2024-08-05 13:39
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.
Severity
No CVSS data available.
CWE
- SQL Injection
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN73083905/index.html | third-party-advisoryx_refsource_JVN |
| http://www.securityfocus.com/bid/96467 | vdb-entryx_refsource_BID |
| https://forum.wbce.org/viewtopic.php?id=977 | x_refsource_MISC |
Date Public
2017-04-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#73083905",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN73083905/index.html"
},
{
"name": "96467",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96467"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.wbce.org/viewtopic.php?id=977"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WBCE CMS",
"vendor": "WBCE Team",
"versions": [
{
"status": "affected",
"version": "1.1.10 and earlier"
}
]
}
],
"datePublic": "2017-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#73083905",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN73083905/index.html"
},
{
"name": "96467",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96467"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.wbce.org/viewtopic.php?id=977"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WBCE CMS",
"version": {
"version_data": [
{
"version_value": "1.1.10 and earlier"
}
]
}
}
]
},
"vendor_name": "WBCE Team"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#73083905",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN73083905/index.html"
},
{
"name": "96467",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96467"
},
{
"name": "https://forum.wbce.org/viewtopic.php?id=977",
"refsource": "MISC",
"url": "https://forum.wbce.org/viewtopic.php?id=977"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2120",
"datePublished": "2017-04-28T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:39:32.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2119 (GCVE-0-2017-2119)
Vulnerability from nvd – Published: 2017-04-28 16:00 – Updated: 2024-08-05 13:39
VLAI
EPSS
VEX
Summary
Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
Severity
No CVSS data available.
CWE
- Directory traversal
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN73083905/index.html | third-party-advisoryx_refsource_JVN |
| http://www.securityfocus.com/bid/96467 | vdb-entryx_refsource_BID |
| https://forum.wbce.org/viewtopic.php?id=977 | x_refsource_MISC |
Date Public
2017-04-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#73083905",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN73083905/index.html"
},
{
"name": "96467",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96467"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.wbce.org/viewtopic.php?id=977"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WBCE CMS",
"vendor": "WBCE Team",
"versions": [
{
"status": "affected",
"version": "1.1.10 and earlier"
}
]
}
],
"datePublic": "2017-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#73083905",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN73083905/index.html"
},
{
"name": "96467",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96467"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.wbce.org/viewtopic.php?id=977"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WBCE CMS",
"version": {
"version_data": [
{
"version_value": "1.1.10 and earlier"
}
]
}
}
]
},
"vendor_name": "WBCE Team"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#73083905",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN73083905/index.html"
},
{
"name": "96467",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96467"
},
{
"name": "https://forum.wbce.org/viewtopic.php?id=977",
"refsource": "MISC",
"url": "https://forum.wbce.org/viewtopic.php?id=977"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2119",
"datePublished": "2017-04-28T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:39:32.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2118 (GCVE-0-2017-2118)
Vulnerability from nvd – Published: 2017-04-28 16:00 – Updated: 2024-08-05 13:39
VLAI
EPSS
VEX
Summary
Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN73083905/index.html | third-party-advisoryx_refsource_JVN |
| http://www.securityfocus.com/bid/96467 | vdb-entryx_refsource_BID |
| https://forum.wbce.org/viewtopic.php?id=977 | x_refsource_MISC |
Date Public
2017-04-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#73083905",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN73083905/index.html"
},
{
"name": "96467",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96467"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.wbce.org/viewtopic.php?id=977"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WBCE CMS",
"vendor": "WBCE Team",
"versions": [
{
"status": "affected",
"version": "1.1.10 and earlier"
}
]
}
],
"datePublic": "2017-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#73083905",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN73083905/index.html"
},
{
"name": "96467",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96467"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.wbce.org/viewtopic.php?id=977"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2118",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WBCE CMS",
"version": {
"version_data": [
{
"version_value": "1.1.10 and earlier"
}
]
}
}
]
},
"vendor_name": "WBCE Team"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#73083905",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN73083905/index.html"
},
{
"name": "96467",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96467"
},
{
"name": "https://forum.wbce.org/viewtopic.php?id=977",
"refsource": "MISC",
"url": "https://forum.wbce.org/viewtopic.php?id=977"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2118",
"datePublished": "2017-04-28T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:39:32.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2119 (GCVE-0-2017-2119)
Vulnerability from cvelistv5 – Published: 2017-04-28 16:00 – Updated: 2024-08-05 13:39
VLAI
EPSS
VEX
Summary
Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
Severity
No CVSS data available.
CWE
- Directory traversal
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN73083905/index.html | third-party-advisoryx_refsource_JVN |
| http://www.securityfocus.com/bid/96467 | vdb-entryx_refsource_BID |
| https://forum.wbce.org/viewtopic.php?id=977 | x_refsource_MISC |
Date Public
2017-04-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#73083905",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN73083905/index.html"
},
{
"name": "96467",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96467"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.wbce.org/viewtopic.php?id=977"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WBCE CMS",
"vendor": "WBCE Team",
"versions": [
{
"status": "affected",
"version": "1.1.10 and earlier"
}
]
}
],
"datePublic": "2017-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#73083905",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN73083905/index.html"
},
{
"name": "96467",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96467"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.wbce.org/viewtopic.php?id=977"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WBCE CMS",
"version": {
"version_data": [
{
"version_value": "1.1.10 and earlier"
}
]
}
}
]
},
"vendor_name": "WBCE Team"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#73083905",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN73083905/index.html"
},
{
"name": "96467",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96467"
},
{
"name": "https://forum.wbce.org/viewtopic.php?id=977",
"refsource": "MISC",
"url": "https://forum.wbce.org/viewtopic.php?id=977"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2119",
"datePublished": "2017-04-28T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:39:32.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2120 (GCVE-0-2017-2120)
Vulnerability from cvelistv5 – Published: 2017-04-28 16:00 – Updated: 2024-08-05 13:39
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.
Severity
No CVSS data available.
CWE
- SQL Injection
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN73083905/index.html | third-party-advisoryx_refsource_JVN |
| http://www.securityfocus.com/bid/96467 | vdb-entryx_refsource_BID |
| https://forum.wbce.org/viewtopic.php?id=977 | x_refsource_MISC |
Date Public
2017-04-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#73083905",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN73083905/index.html"
},
{
"name": "96467",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96467"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.wbce.org/viewtopic.php?id=977"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WBCE CMS",
"vendor": "WBCE Team",
"versions": [
{
"status": "affected",
"version": "1.1.10 and earlier"
}
]
}
],
"datePublic": "2017-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#73083905",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN73083905/index.html"
},
{
"name": "96467",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96467"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.wbce.org/viewtopic.php?id=977"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WBCE CMS",
"version": {
"version_data": [
{
"version_value": "1.1.10 and earlier"
}
]
}
}
]
},
"vendor_name": "WBCE Team"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#73083905",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN73083905/index.html"
},
{
"name": "96467",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96467"
},
{
"name": "https://forum.wbce.org/viewtopic.php?id=977",
"refsource": "MISC",
"url": "https://forum.wbce.org/viewtopic.php?id=977"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2120",
"datePublished": "2017-04-28T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:39:32.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2118 (GCVE-0-2017-2118)
Vulnerability from cvelistv5 – Published: 2017-04-28 16:00 – Updated: 2024-08-05 13:39
VLAI
EPSS
VEX
Summary
Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN73083905/index.html | third-party-advisoryx_refsource_JVN |
| http://www.securityfocus.com/bid/96467 | vdb-entryx_refsource_BID |
| https://forum.wbce.org/viewtopic.php?id=977 | x_refsource_MISC |
Date Public
2017-04-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#73083905",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN73083905/index.html"
},
{
"name": "96467",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96467"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.wbce.org/viewtopic.php?id=977"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WBCE CMS",
"vendor": "WBCE Team",
"versions": [
{
"status": "affected",
"version": "1.1.10 and earlier"
}
]
}
],
"datePublic": "2017-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#73083905",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN73083905/index.html"
},
{
"name": "96467",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96467"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.wbce.org/viewtopic.php?id=977"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2118",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WBCE CMS",
"version": {
"version_data": [
{
"version_value": "1.1.10 and earlier"
}
]
}
}
]
},
"vendor_name": "WBCE Team"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#73083905",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN73083905/index.html"
},
{
"name": "96467",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96467"
},
{
"name": "https://forum.wbce.org/viewtopic.php?id=977",
"refsource": "MISC",
"url": "https://forum.wbce.org/viewtopic.php?id=977"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2118",
"datePublished": "2017-04-28T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:39:32.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2017-000037
Vulnerability from jvndb - Published: 2017-02-28 14:22 - Updated:2017-06-01 12:28
Severity
Summary
WBCE CMS vulnerable to SQL injection
Details
WBCE CMS provided by WBCE Team is an open-source Contents Management System (CMS). WBCE CMS contains an SQL injection vulnerability (CWE-89).
ASAI Ken reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000037.html",
"dc:date": "2017-06-01T12:28+09:00",
"dcterms:issued": "2017-02-28T14:22+09:00",
"dcterms:modified": "2017-06-01T12:28+09:00",
"description": "WBCE CMS provided by WBCE Team is an open-source Contents Management System (CMS). WBCE CMS contains an SQL injection vulnerability (CWE-89).\r\n\r\nASAI Ken reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000037.html",
"sec:cpe": {
"#text": "cpe:/a:wbce:wbce_cms",
"@product": "WBCE CMS",
"@vendor": "WBCE Team",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "4.7",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000037",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN73083905/index.html",
"@id": "JVN#73083905",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2120",
"@id": "CVE-2017-2120",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2120",
"@id": "CVE-2017-2120",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
}
],
"title": "WBCE CMS vulnerable to SQL injection"
}
JVNDB-2017-000036
Vulnerability from jvndb - Published: 2017-02-28 14:21 - Updated:2017-06-01 12:28
Severity
Summary
WBCE CMS vulnerable to directory traversal
Details
WBCE CMS provided by WBCE Team is an open-source Contents Management System (CMS). WBCE CMS contains a directory traversal vulnerability (CWE-22).
ASAI Ken reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000036.html",
"dc:date": "2017-06-01T12:28+09:00",
"dcterms:issued": "2017-02-28T14:21+09:00",
"dcterms:modified": "2017-06-01T12:28+09:00",
"description": "WBCE CMS provided by WBCE Team is an open-source Contents Management System (CMS). WBCE CMS contains a directory traversal vulnerability (CWE-22).\r\n\r\nASAI Ken reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000036.html",
"sec:cpe": {
"#text": "cpe:/a:wbce:wbce_cms",
"@product": "WBCE CMS",
"@vendor": "WBCE Team",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000036",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN73083905/index.html",
"@id": "JVN#73083905",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2119",
"@id": "CVE-2017-2119",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2119",
"@id": "CVE-2017-2119",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "WBCE CMS vulnerable to directory traversal"
}
JVNDB-2017-000035
Vulnerability from jvndb - Published: 2017-02-28 14:21 - Updated:2017-06-01 12:28
Severity
Summary
WBCE CMS vulnerable to cross-site scripting
Details
WBCE CMS provided by WBCE Team is an open-source Contents Management System (CMS). WBCE CMS contains a cross-site scripting vulnerability (CWE-79).
ASAI Ken reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000035.html",
"dc:date": "2017-06-01T12:28+09:00",
"dcterms:issued": "2017-02-28T14:21+09:00",
"dcterms:modified": "2017-06-01T12:28+09:00",
"description": "WBCE CMS provided by WBCE Team is an open-source Contents Management System (CMS). WBCE CMS contains a cross-site scripting vulnerability (CWE-79).\r\n\r\nASAI Ken reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000035.html",
"sec:cpe": {
"#text": "cpe:/a:wbce:wbce_cms",
"@product": "WBCE CMS",
"@vendor": "WBCE Team",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000035",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN73083905/index.html",
"@id": "JVN#73083905",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2118",
"@id": "CVE-2017-2118",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2118",
"@id": "CVE-2017-2118",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "WBCE CMS vulnerable to cross-site scripting"
}