Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
11 vulnerabilities by SHIRASAGI Project
CVE-2024-46898 (GCVE-0-2024-46898)
Vulnerability from cvelistv5 – Published: 2024-10-15 06:10 – Updated: 2024-10-23 04:58
VLAI?
Summary
SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved when processing crafted HTTP requests.
Severity ?
8.6 (High)
CWE
- CWE-22 - Improper limitation of a pathname to a restricted directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SHIRASAGI Project | SHIRASAGI |
Affected:
prior to v1.19.1
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ss-proj:shirasagi:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "shirasagi",
"vendor": "ss-proj",
"versions": [
{
"lessThan": "1.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46898",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T13:46:04.867617Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T13:48:49.696Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SHIRASAGI",
"vendor": "SHIRASAGI Project",
"versions": [
{
"status": "affected",
"version": "prior to v1.19.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved when processing crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T04:58:28.816Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://github.com/shirasagi/shirasagi/commit/5ac4685d7e4330f949f13219069107fc5d768934"
},
{
"url": "https://www.ss-proj.org/"
},
{
"url": "https://jvn.jp/en/jp/JVN58721679/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-46898",
"datePublished": "2024-10-15T06:10:30.968Z",
"dateReserved": "2024-10-04T06:36:35.246Z",
"dateUpdated": "2024-10-23T04:58:28.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38569 (GCVE-0-2023-38569)
Vulnerability from cvelistv5 – Published: 2023-09-05 09:10 – Updated: 2024-09-30 17:26
VLAI?
Summary
Stored cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.
Severity ?
No CVSS data available.
CWE
- Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SHIRASAGI Project | SHIRASAGI |
Affected:
prior to v1.18.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:46:56.462Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ss-proj.org/support/954.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN82758000/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38569",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T17:26:03.643737Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T17:26:17.223Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SHIRASAGI ",
"vendor": "SHIRASAGI Project ",
"versions": [
{
"status": "affected",
"version": "prior to v1.18.0 "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-05T09:10:17.838Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.ss-proj.org/support/954.html"
},
{
"url": "https://jvn.jp/en/jp/JVN82758000/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-38569",
"datePublished": "2023-09-05T09:10:17.838Z",
"dateReserved": "2023-08-09T02:20:28.470Z",
"dateUpdated": "2024-09-30T17:26:17.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36492 (GCVE-0-2023-36492)
Vulnerability from cvelistv5 – Published: 2023-09-05 09:09 – Updated: 2024-09-30 17:26
VLAI?
Summary
Reflected cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.
Severity ?
No CVSS data available.
CWE
- Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SHIRASAGI Project | SHIRASAGI |
Affected:
prior to v1.18.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:45:56.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ss-proj.org/support/954.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN82758000/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36492",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T17:26:46.999024Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T17:26:59.102Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SHIRASAGI",
"vendor": "SHIRASAGI Project",
"versions": [
{
"status": "affected",
"version": "prior to v1.18.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Reflected cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-05T09:09:44.818Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.ss-proj.org/support/954.html"
},
{
"url": "https://jvn.jp/en/jp/JVN82758000/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-36492",
"datePublished": "2023-09-05T09:09:44.818Z",
"dateReserved": "2023-08-09T02:20:29.499Z",
"dateUpdated": "2024-09-30T17:26:59.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39448 (GCVE-0-2023-39448)
Vulnerability from cvelistv5 – Published: 2023-09-05 08:28 – Updated: 2024-09-30 15:46
VLAI?
Summary
Path traversal vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to alter or create arbitrary files on the server, resulting in arbitrary code execution.
Severity ?
No CVSS data available.
CWE
- Path traversal
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SHIRASAGI Project | SHIRASAGI |
Affected:
prior to v1.18.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ss-proj.org/support/954.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN82758000/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39448",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T15:45:48.298745Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T15:46:01.328Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SHIRASAGI",
"vendor": "SHIRASAGI Project",
"versions": [
{
"status": "affected",
"version": "prior to v1.18.0 "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path traversal vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to alter or create arbitrary files on the server, resulting in arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-05T08:28:06.883Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.ss-proj.org/support/954.html"
},
{
"url": "https://jvn.jp/en/jp/JVN82758000/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-39448",
"datePublished": "2023-09-05T08:28:06.883Z",
"dateReserved": "2023-08-09T02:20:27.425Z",
"dateUpdated": "2024-09-30T15:46:01.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22427 (GCVE-0-2023-22427)
Vulnerability from cvelistv5 – Published: 2023-02-24 00:00 – Updated: 2025-03-12 15:20
VLAI?
Summary
Stored cross-site scripting vulnerability in Theme switching function of SHIRASAGI v1.16.2 and earlier versions allows a remote attacker with an administrative privilege to inject an arbitrary script.
Severity ?
4.8 (Medium)
CWE
- Cross-site scripting
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SHIRASAGI Project | SHIRASAGI |
Affected:
v1.16.2 and earlier versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ss-proj.org/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/shirasagi/shirasagi"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.ss-proj.org/support/938.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN18765463/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-22427",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T15:19:54.606769Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T15:20:36.105Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SHIRASAGI",
"vendor": "SHIRASAGI Project",
"versions": [
{
"status": "affected",
"version": "v1.16.2 and earlier versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting vulnerability in Theme switching function of SHIRASAGI v1.16.2 and earlier versions allows a remote attacker with an administrative privilege to inject an arbitrary script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-24T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.ss-proj.org/"
},
{
"url": "https://github.com/shirasagi/shirasagi"
},
{
"url": "https://www.ss-proj.org/support/938.html"
},
{
"url": "https://jvn.jp/en/jp/JVN18765463/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22427",
"datePublished": "2023-02-24T00:00:00.000Z",
"dateReserved": "2022-12-28T00:00:00.000Z",
"dateUpdated": "2025-03-12T15:20:36.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22425 (GCVE-0-2023-22425)
Vulnerability from cvelistv5 – Published: 2023-02-24 00:00 – Updated: 2025-03-12 15:24
VLAI?
Summary
Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script.
Severity ?
5.4 (Medium)
CWE
- Cross-site scripting
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SHIRASAGI Project | SHIRASAGI |
Affected:
v1.16.2 and earlier versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ss-proj.org/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/shirasagi/shirasagi"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.ss-proj.org/support/938.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN18765463/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-22425",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T15:23:25.999884Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T15:24:07.349Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SHIRASAGI",
"vendor": "SHIRASAGI Project",
"versions": [
{
"status": "affected",
"version": "v1.16.2 and earlier versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-24T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.ss-proj.org/"
},
{
"url": "https://github.com/shirasagi/shirasagi"
},
{
"url": "https://www.ss-proj.org/support/938.html"
},
{
"url": "https://jvn.jp/en/jp/JVN18765463/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22425",
"datePublished": "2023-02-24T00:00:00.000Z",
"dateReserved": "2022-12-28T00:00:00.000Z",
"dateUpdated": "2025-03-12T15:24:07.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43479 (GCVE-0-2022-43479)
Vulnerability from cvelistv5 – Published: 2022-12-05 00:00 – Updated: 2025-04-24 14:14
VLAI?
Summary
Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a remote unauthenticated attacker to redirect users to an arbitrary web site and conduct a phishing attack.
Severity ?
6.1 (Medium)
CWE
- Open Redirect
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SHIRASAGI Project | SHIRASAGI |
Affected:
v1.14.4 to v1.15.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:59.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ss-proj.org/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/shirasagi/shirasagi"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.ss-proj.org/support/928.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN86350682/index.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-43479",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-24T14:14:00.367331Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-24T14:14:26.052Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SHIRASAGI",
"vendor": "SHIRASAGI Project",
"versions": [
{
"status": "affected",
"version": "v1.14.4 to v1.15.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a remote unauthenticated attacker to redirect users to an arbitrary web site and conduct a phishing attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open Redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-05T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.ss-proj.org/"
},
{
"url": "https://github.com/shirasagi/shirasagi"
},
{
"url": "https://www.ss-proj.org/support/928.html"
},
{
"url": "https://jvn.jp/en/jp/JVN86350682/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-43479",
"datePublished": "2022-12-05T00:00:00.000Z",
"dateReserved": "2022-10-20T00:00:00.000Z",
"dateUpdated": "2025-04-24T14:14:26.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43499 (GCVE-0-2022-43499)
Vulnerability from cvelistv5 – Published: 2022-12-05 00:00 – Updated: 2025-04-24 14:08
VLAI?
Summary
Stored cross-site scripting vulnerability in SHIRASAGI versions prior to v1.16.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.
Severity ?
5.4 (Medium)
CWE
- Cross-site scripting
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SHIRASAGI Project | SHIRASAGI |
Affected:
versions prior to v1.16.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:59.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ss-proj.org/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/shirasagi/shirasagi"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.ss-proj.org/support/928.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN86350682/index.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-43499",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-24T14:08:18.235277Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-24T14:08:54.850Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SHIRASAGI",
"vendor": "SHIRASAGI Project",
"versions": [
{
"status": "affected",
"version": "versions prior to v1.16.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting vulnerability in SHIRASAGI versions prior to v1.16.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-05T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.ss-proj.org/"
},
{
"url": "https://github.com/shirasagi/shirasagi"
},
{
"url": "https://www.ss-proj.org/support/928.html"
},
{
"url": "https://jvn.jp/en/jp/JVN86350682/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-43499",
"datePublished": "2022-12-05T00:00:00.000Z",
"dateReserved": "2022-10-20T00:00:00.000Z",
"dateUpdated": "2025-04-24T14:08:54.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29485 (GCVE-0-2022-29485)
Vulnerability from cvelistv5 – Published: 2022-06-14 07:05 – Updated: 2024-08-03 06:26
VLAI?
Summary
Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SHIRASAGI Project | SHIRASAGI |
Affected:
v1.0.0 to v1.14.2, and v1.15.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:26:05.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ss-proj.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/shirasagi/shirasagi"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ss-proj.org/support/843.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN32962443/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SHIRASAGI",
"vendor": "SHIRASAGI Project",
"versions": [
{
"status": "affected",
"version": "v1.0.0 to v1.14.2, and v1.15.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T07:05:39.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ss-proj.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/shirasagi/shirasagi"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ss-proj.org/support/843.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN32962443/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-29485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SHIRASAGI",
"version": {
"version_data": [
{
"version_value": "v1.0.0 to v1.14.2, and v1.15.0"
}
]
}
}
]
},
"vendor_name": "SHIRASAGI Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ss-proj.org/",
"refsource": "MISC",
"url": "https://www.ss-proj.org/"
},
{
"name": "https://github.com/shirasagi/shirasagi",
"refsource": "MISC",
"url": "https://github.com/shirasagi/shirasagi"
},
{
"name": "https://www.ss-proj.org/support/843.html",
"refsource": "MISC",
"url": "https://www.ss-proj.org/support/843.html"
},
{
"name": "https://jvn.jp/en/jp/JVN32962443/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN32962443/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-29485",
"datePublished": "2022-06-14T07:05:39.000Z",
"dateReserved": "2022-05-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:26:05.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5607 (GCVE-0-2020-5607)
Vulnerability from cvelistv5 – Published: 2020-07-10 01:30 – Updated: 2024-08-04 08:30
VLAI?
Summary
Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Open Redirect
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SHIRASAGI Project | SHIRASAGI |
Affected:
v1.13.1 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ss-proj.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/shirasagi/shirasagi"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a.patch"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN55657988/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SHIRASAGI",
"vendor": "SHIRASAGI Project",
"versions": [
{
"status": "affected",
"version": "v1.13.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open Redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-10T01:30:18.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ss-proj.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/shirasagi/shirasagi"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a.patch"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN55657988/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5607",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SHIRASAGI",
"version": {
"version_data": [
{
"version_value": "v1.13.1 and earlier"
}
]
}
}
]
},
"vendor_name": "SHIRASAGI Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ss-proj.org/",
"refsource": "MISC",
"url": "https://www.ss-proj.org/"
},
{
"name": "https://github.com/shirasagi/shirasagi",
"refsource": "MISC",
"url": "https://github.com/shirasagi/shirasagi"
},
{
"name": "https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a",
"refsource": "MISC",
"url": "https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a"
},
{
"name": "https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a.patch",
"refsource": "MISC",
"url": "https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a.patch"
},
{
"name": "https://jvn.jp/en/jp/JVN55657988/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN55657988/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5607",
"datePublished": "2020-07-10T01:30:18.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:30:24.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6009 (GCVE-0-2019-6009)
Vulnerability from cvelistv5 – Published: 2019-09-12 15:58 – Updated: 2024-08-04 20:09
VLAI?
Summary
Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Open Redirect
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SHIRASAGI Project | SHIRASAGI |
Affected:
v1.7.0 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ss-proj.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/shirasagi/shirasagi"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/shirasagi/shirasagi/commit/6016948ea535e51b16535888af13df064a1a15d3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/shirasagi/shirasagi/commit/6016948ea535e51b16535888af13df064a1a15d3.patch"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN74699196/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SHIRASAGI",
"vendor": "SHIRASAGI Project",
"versions": [
{
"status": "affected",
"version": "v1.7.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open Redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-12T15:58:55.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ss-proj.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/shirasagi/shirasagi"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/shirasagi/shirasagi/commit/6016948ea535e51b16535888af13df064a1a15d3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/shirasagi/shirasagi/commit/6016948ea535e51b16535888af13df064a1a15d3.patch"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN74699196/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-6009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SHIRASAGI",
"version": {
"version_data": [
{
"version_value": "v1.7.0 and earlier"
}
]
}
}
]
},
"vendor_name": "SHIRASAGI Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ss-proj.org/",
"refsource": "MISC",
"url": "https://www.ss-proj.org/"
},
{
"name": "https://github.com/shirasagi/shirasagi",
"refsource": "MISC",
"url": "https://github.com/shirasagi/shirasagi"
},
{
"name": "https://github.com/shirasagi/shirasagi/commit/6016948ea535e51b16535888af13df064a1a15d3",
"refsource": "MISC",
"url": "https://github.com/shirasagi/shirasagi/commit/6016948ea535e51b16535888af13df064a1a15d3"
},
{
"name": "https://github.com/shirasagi/shirasagi/commit/6016948ea535e51b16535888af13df064a1a15d3.patch",
"refsource": "MISC",
"url": "https://github.com/shirasagi/shirasagi/commit/6016948ea535e51b16535888af13df064a1a15d3.patch"
},
{
"name": "http://jvn.jp/en/jp/JVN74699196/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN74699196/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-6009",
"datePublished": "2019-09-12T15:58:55.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:09:23.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}