3 vulnerabilities by Media Fusion Co.,Ltd.
CVE-2024-41930 (GCVE-0-2024-41930)
Vulnerability from nvd – Published: 2024-09-27 08:55 – Updated: 2024-11-04 21:12
VLAI
Summary
A cross-site scripting vulnerability exists in MF Teacher Performance Management System version 6. If this vulnerability is exploited, an arbitrary script may be executed in the web browser of a user who accesses a website that uses the product.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Cross-site scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN21176842/ | |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Media Fusion Co.,Ltd. | MF Teacher Performance Management System | Affected: version 6 | |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-41930",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T16:09:42.758252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T21:12:00.224Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MF Teacher Performance Management System",
"vendor": "Media Fusion Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "version 6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in MF Teacher Performance Management System version 6. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T08:55:36.791Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN21176842/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-41930",
"datePublished": "2024-09-27T08:55:36.791Z",
"dateReserved": "2024-07-30T00:16:06.462Z",
"dateUpdated": "2024-11-04T21:12:00.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41930 (GCVE-0-2024-41930)
Vulnerability from cvelistv5 – Published: 2024-09-27 08:55 – Updated: 2024-11-04 21:12
VLAI
Summary
A cross-site scripting vulnerability exists in MF Teacher Performance Management System version 6. If this vulnerability is exploited, an arbitrary script may be executed in the web browser of a user who accesses a website that uses the product.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Cross-site scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN21176842/ | |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Media Fusion Co.,Ltd. | MF Teacher Performance Management System | Affected: version 6 | |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-41930",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T16:09:42.758252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T21:12:00.224Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MF Teacher Performance Management System",
"vendor": "Media Fusion Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "version 6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in MF Teacher Performance Management System version 6. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T08:55:36.791Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN21176842/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-41930",
"datePublished": "2024-09-27T08:55:36.791Z",
"dateReserved": "2024-07-30T00:16:06.462Z",
"dateUpdated": "2024-11-04T21:12:00.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2024-000104
Vulnerability from jvndb - Published: 2024-09-27 15:00 - Updated: 2024-10-10 11:14
Severity
Summary
MF Teacher Performance Management System vulnerable to cross-site scripting
Details
MF Teacher Performance Management System provided by Media Fusion Co.,Ltd. contains a cross-site scripting vulnerability (CWE-79).
Akira Sumiyoshi, Takuto Matsuhashi, Kei Watanabe, Akio Yamaguchi, Syunji Yazaki and Hideaki Tsuchiya of UEC-CSIRT, The University of Electro-Communications reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
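| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN21176842/index.html |
| CVE | https://www.cve.org/CVERecord?id=CVE-2024-41930 |
| CWE | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |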
Impacted products
| Vendor | Product | |
|---|---|---|
| Media Fusion Co.,Ltd. | MF Teacher Performance Management System | |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000104.html",
"dc:date": "2024-10-10T11:14+09:00",
"dcterms:issued": "2024-09-27T15:00+09:00",
"dcterms:modified": "2024-10-10T11:14+09:00",
"description": "MF Teacher Performance Management System provided by Media Fusion Co.,Ltd. contains a cross-site scripting vulnerability (CWE-79).\r\n\r\nAkira Sumiyoshi, Takuto Matsuhashi, Kei Watanabe, Akio Yamaguchi, Syunji Yazaki and Hideaki Tsuchiya of UEC-CSIRT, The University of Electro-Communications reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000104.html",
"sec:cpe": {
"#text": "cpe:/a:misc:media_fusion_mf_teacher_performance_management_system",
"@product": "MF Teacher Performance Management System",
"@vendor": "Media Fusion Co.,Ltd.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000104",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN21176842/index.html",
"@id": "JVN#21176842",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-41930",
"@id": "CVE-2024-41930",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "MF Teacher Performance Management System vulnerable to cross-site scripting"
}