Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
5 vulnerabilities found for MATCHA SNS by ICZ Corporation
JVNDB-2026-000052
Vulnerability from jvndb - Published: 2026-04-08 16:15 - Updated:2026-04-08 16:15
Severity ?
Summary
Multiple vulnerabilities in MATCHA series
Details
MATCHA series provided by ICZ Corporation contains multiple vulnerabilities listed below.
- SQL injection (CWE-89) - CVE-2026-24913
- Cross-site scripting (CWE-79) - CVE-2026-27787
- Unrestricted upload of file with dangerous type(CWE-434) - CVE-2026-33273
References
| Type | URL | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000052.html",
"dc:date": "2026-04-08T16:15+09:00",
"dcterms:issued": "2026-04-08T16:15+09:00",
"dcterms:modified": "2026-04-08T16:15+09:00",
"description": "MATCHA series provided by ICZ Corporation contains multiple vulnerabilities listed below.\u003ca href=\u0027https://cwe.mitre.org/data/definitions/89.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/79.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/434.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003eSQL injection (CWE-89) - CVE-2026-24913\u003c/li\u003e\u003cli\u003eCross-site scripting (CWE-79) - CVE-2026-27787\u003c/li\u003e\u003cli\u003eUnrestricted upload of file with dangerous type(CWE-434) - CVE-2026-33273\u003c/li\u003e\u003c/ul\u003eCVE-2026-24913, CVE-2026-27787\r\nKenta Chikagawa of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2026-33273\r\nShoji Baba reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000052.html",
"sec:cpe": [
{
"#text": "cpe:/a:icz:matchasns",
"@product": "MATCHA SNS",
"@vendor": "ICZ Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:icz:matcha_bill",
"@product": "MATCHA INVOICE",
"@vendor": "ICZ Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2026-000052",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN33581068/index.html",
"@id": "JVN#33581068",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-24913",
"@id": "CVE-2026-24913",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-27787",
"@id": "CVE-2026-27787",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-33273",
"@id": "CVE-2026-33273",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in MATCHA series"
}
JVNDB-2015-000146
Vulnerability from jvndb - Published: 2015-09-30 15:05 - Updated:2015-10-08 15:25Summary
MATCHA SNS access restriction bypass vulnerability
Details
MATCHA SNS provided by ICZ Corporation is an SNS software.
MATCHA SNS contains an access restriction bypass vulnerability.
Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000146.html",
"dc:date": "2015-10-08T15:25+09:00",
"dcterms:issued": "2015-09-30T15:05+09:00",
"dcterms:modified": "2015-10-08T15:25+09:00",
"description": "MATCHA SNS provided by ICZ Corporation is an SNS software. \r\nMATCHA SNS contains an access restriction bypass vulnerability.\r\n\r\nShoji Baba reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000146.html",
"sec:cpe": {
"#text": "cpe:/a:icz:matchasns",
"@product": "MATCHA SNS",
"@vendor": "ICZ Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000146",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN85118545/index.html",
"@id": "JVN#85118545",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5645",
"@id": "CVE-2015-5645",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5645",
"@id": "CVE-2015-5645",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "MATCHA SNS access restriction bypass vulnerability"
}
JVNDB-2015-000145
Vulnerability from jvndb - Published: 2015-09-30 15:05 - Updated:2015-10-08 15:25Summary
MATCHA SNS vulnerable to code injection
Details
MATCHA SNS provided by ICZ Corporation is an SNS software. MATCHA SNS contains a code injection (CWE-94) vulnerability due to a flaw when configuring the database during installation.
Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000145.html",
"dc:date": "2015-10-08T15:25+09:00",
"dcterms:issued": "2015-09-30T15:05+09:00",
"dcterms:modified": "2015-10-08T15:25+09:00",
"description": "MATCHA SNS provided by ICZ Corporation is an SNS software. MATCHA SNS contains a code injection (CWE-94) vulnerability due to a flaw when configuring the database during installation.\r\n\r\nShoji Baba reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000145.html",
"sec:cpe": {
"#text": "cpe:/a:icz:matchasns",
"@product": "MATCHA SNS",
"@vendor": "ICZ Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000145",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN08535069/index.html",
"@id": "JVN#08535069",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5644",
"@id": "CVE-2015-5644",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5644",
"@id": "CVE-2015-5644",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-94",
"@title": "Code Injection(CWE-94)"
}
],
"title": "MATCHA SNS vulnerable to code injection"
}
CVE-2026-27787 (GCVE-0-2026-27787)
Vulnerability from nvd – Published: 2026-04-08 05:11 – Updated: 2026-04-08 13:55
VLAI?
Summary
Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ICZ Corporation | MATCHA SNS |
Affected:
1.3.9 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27787",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-08T13:55:00.130119Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T13:55:07.158Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MATCHA SNS",
"vendor": "ICZ Corporation",
"versions": [
{
"status": "affected",
"version": "1.3.9 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T05:11:11.154Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://oss.icz.co.jp/news/?p=1388"
},
{
"url": "https://jvn.jp/en/jp/JVN33581068/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-27787",
"datePublished": "2026-04-08T05:11:11.154Z",
"dateReserved": "2026-04-03T04:29:15.069Z",
"dateUpdated": "2026-04-08T13:55:07.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27787 (GCVE-0-2026-27787)
Vulnerability from cvelistv5 – Published: 2026-04-08 05:11 – Updated: 2026-04-08 13:55
VLAI?
Summary
Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ICZ Corporation | MATCHA SNS |
Affected:
1.3.9 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27787",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-08T13:55:00.130119Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T13:55:07.158Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MATCHA SNS",
"vendor": "ICZ Corporation",
"versions": [
{
"status": "affected",
"version": "1.3.9 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T05:11:11.154Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://oss.icz.co.jp/news/?p=1388"
},
{
"url": "https://jvn.jp/en/jp/JVN33581068/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-27787",
"datePublished": "2026-04-08T05:11:11.154Z",
"dateReserved": "2026-04-03T04:29:15.069Z",
"dateUpdated": "2026-04-08T13:55:07.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}