Search

Find a vulnerability

Search criteria

    5 vulnerabilities found for MATCHA SNS by ICZ Corporation

    JVNDB-2026-000052

    Vulnerability from jvndb - Published: 2026-04-08 16:15 - Updated:2026-04-08 16:15
    Severity
    Summary
    Multiple vulnerabilities in MATCHA series
    Details
    MATCHA series provided by ICZ Corporation contains multiple vulnerabilities listed below.
    • SQL injection (CWE-89) - CVE-2026-24913
    • Cross-site scripting (CWE-79) - CVE-2026-27787
    • Unrestricted upload of file with dangerous type(CWE-434) - CVE-2026-33273
    CVE-2026-24913, CVE-2026-27787 Kenta Chikagawa of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2026-33273 Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000052.html",
      "dc:date": "2026-04-08T16:15+09:00",
      "dcterms:issued": "2026-04-08T16:15+09:00",
      "dcterms:modified": "2026-04-08T16:15+09:00",
      "description": "MATCHA series provided by ICZ Corporation contains multiple vulnerabilities listed below.\u003ca href=\u0027https://cwe.mitre.org/data/definitions/89.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/79.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/434.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003eSQL injection (CWE-89) - CVE-2026-24913\u003c/li\u003e\u003cli\u003eCross-site scripting (CWE-79) - CVE-2026-27787\u003c/li\u003e\u003cli\u003eUnrestricted upload of file with dangerous type(CWE-434) - CVE-2026-33273\u003c/li\u003e\u003c/ul\u003eCVE-2026-24913, CVE-2026-27787\r\nKenta Chikagawa of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2026-33273\r\nShoji Baba reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000052.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:icz:matchasns",
          "@product": "MATCHA SNS",
          "@vendor": "ICZ Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:icz:matcha_bill",
          "@product": "MATCHA INVOICE",
          "@vendor": "ICZ Corporation",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "8.8",
        "@severity": "High",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2026-000052",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN33581068/index.html",
          "@id": "JVN#33581068",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2026-24913",
          "@id": "CVE-2026-24913",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2026-27787",
          "@id": "CVE-2026-27787",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2026-33273",
          "@id": "CVE-2026-33273",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-89",
          "@title": "SQL Injection(CWE-89)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Multiple vulnerabilities in MATCHA series"
    }

    JVNDB-2015-000145

    Vulnerability from jvndb - Published: 2015-09-30 15:05 - Updated:2015-10-08 15:25
    Severity
    N/A (UNKNOWN) - -
    Summary
    MATCHA SNS vulnerable to code injection
    Details
    MATCHA SNS provided by ICZ Corporation is an SNS software. MATCHA SNS contains a code injection (CWE-94) vulnerability due to a flaw when configuring the database during installation. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000145.html",
      "dc:date": "2015-10-08T15:25+09:00",
      "dcterms:issued": "2015-09-30T15:05+09:00",
      "dcterms:modified": "2015-10-08T15:25+09:00",
      "description": "MATCHA SNS provided by ICZ Corporation is an SNS software. MATCHA SNS contains a code injection (CWE-94) vulnerability due to a flaw when configuring the database during installation.\r\n\r\nShoji Baba reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000145.html",
      "sec:cpe": {
        "#text": "cpe:/a:icz:matchasns",
        "@product": "MATCHA SNS",
        "@vendor": "ICZ Corporation",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "5.1",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2015-000145",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN08535069/index.html",
          "@id": "JVN#08535069",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5644",
          "@id": "CVE-2015-5644",
          "@source": "CVE"
        },
        {
          "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5644",
          "@id": "CVE-2015-5644",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-94",
          "@title": "Code Injection(CWE-94)"
        }
      ],
      "title": "MATCHA SNS vulnerable to code injection"
    }

    JVNDB-2015-000146

    Vulnerability from jvndb - Published: 2015-09-30 15:05 - Updated:2015-10-08 15:25
    Severity
    N/A (UNKNOWN) - -
    Summary
    MATCHA SNS access restriction bypass vulnerability
    Details
    MATCHA SNS provided by ICZ Corporation is an SNS software. MATCHA SNS contains an access restriction bypass vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000146.html",
      "dc:date": "2015-10-08T15:25+09:00",
      "dcterms:issued": "2015-09-30T15:05+09:00",
      "dcterms:modified": "2015-10-08T15:25+09:00",
      "description": "MATCHA SNS provided by ICZ Corporation is an SNS software. \r\nMATCHA SNS contains an access restriction bypass vulnerability.\r\n\r\nShoji Baba reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000146.html",
      "sec:cpe": {
        "#text": "cpe:/a:icz:matchasns",
        "@product": "MATCHA SNS",
        "@vendor": "ICZ Corporation",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "5.5",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2015-000146",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN85118545/index.html",
          "@id": "JVN#85118545",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5645",
          "@id": "CVE-2015-5645",
          "@source": "CVE"
        },
        {
          "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5645",
          "@id": "CVE-2015-5645",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-264",
          "@title": "Permissions(CWE-264)"
        }
      ],
      "title": "MATCHA SNS access restriction bypass vulnerability"
    }

    CVE-2026-27787 (GCVE-0-2026-27787)

    Vulnerability from nvd – Published: 2026-04-08 05:11 – Updated: 2026-04-08 13:55
    VLAI
    Summary
    Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site scripting (XSS)
    Assigner
    Impacted products
    Vendor Product Version
    ICZ Corporation MATCHA SNS Affected: 1.3.9 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-27787",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-08T13:55:00.130119Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-08T13:55:07.158Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MATCHA SNS",
              "vendor": "ICZ Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.3.9 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site scripting (XSS)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T05:11:11.154Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://oss.icz.co.jp/news/?p=1388"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN33581068/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2026-27787",
        "datePublished": "2026-04-08T05:11:11.154Z",
        "dateReserved": "2026-04-03T04:29:15.069Z",
        "dateUpdated": "2026-04-08T13:55:07.158Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-27787 (GCVE-0-2026-27787)

    Vulnerability from cvelistv5 – Published: 2026-04-08 05:11 – Updated: 2026-04-08 13:55
    VLAI
    Summary
    Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site scripting (XSS)
    Assigner
    Impacted products
    Vendor Product Version
    ICZ Corporation MATCHA SNS Affected: 1.3.9 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-27787",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-08T13:55:00.130119Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-08T13:55:07.158Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MATCHA SNS",
              "vendor": "ICZ Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.3.9 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site scripting (XSS)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T05:11:11.154Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://oss.icz.co.jp/news/?p=1388"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN33581068/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2026-27787",
        "datePublished": "2026-04-08T05:11:11.154Z",
        "dateReserved": "2026-04-03T04:29:15.069Z",
        "dateUpdated": "2026-04-08T13:55:07.158Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }