
    29 vulnerabilities by SHIRASAGI Project

    JVNDB-2024-000111

    Vulnerability from jvndb - Published: 2024-10-16 14:12 +09:00 - Updated: 2024-10-23 17:35 +09:00
    Severity
    Summary
    SHIRASAGI vulnerable to path traversal
    Details
    SHIRASAGI provided by SHIRASAGI Project processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability (CWE-22). Shogo Kumamaru of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000111.html",
      "dc:date": "2024-10-23T17:35+09:00",
      "dcterms:issued": "2024-10-16T14:12+09:00",
      "dcterms:modified": "2024-10-23T17:35+09:00",
      "description": "SHIRASAGI provided by SHIRASAGI Project processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability (CWE-22).\r\n\r\nShogo Kumamaru of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000111.html",
      "sec:cpe": {
        "#text": "cpe:/a:ss-proj:shirasagi",
        "@product": "SHIRASAGI",
        "@vendor": "SHIRASAGI Project",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "8.6",
        "@severity": "High",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2024-000111",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN58721679/index.html",
          "@id": "JVN#58721679",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-46898",
          "@id": "CVE-2024-46898",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-22",
          "@title": "Path Traversal(CWE-22)"
        }
      ],
      "title": "SHIRASAGI vulnerable to path traversal"
    }

    JVNDB-2023-000088

    Vulnerability from jvndb - Published: 2023-09-04 13:41 +09:00 - Updated: 2024-05-14 17:58 +09:00
    Severity
    Summary
    Multiple vulnerabilities in SHIRASAGI
    Details
    SHIRASAGI provided by SHIRASAGI Project contains multiple vulnerabilities listed below.
    • Reflected cross-site scripting (CWE-79) - CVE-2023-36492
    • Stored cross-site scripting (CWE-79) - CVE-2023-38569
    • Path traversal (CWE-22) - CVE-2023-39448
    CVE-2023-36492, CVE-2023-38569: Taiga Shirakura of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    CVE-2023-39448: Masashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000088.html",
      "dc:date": "2024-05-14T17:58+09:00",
      "dcterms:issued": "2023-09-04T13:41+09:00",
      "dcterms:modified": "2024-05-14T17:58+09:00",
      "description": "SHIRASAGI provided by SHIRASAGI Project contains multiple vulnerabilities listed below.\r\n\r\n  * Reflected cross-site scripting (CWE-79) - CVE-2023-36492\r\n  * Stored cross-site scripting (CWE-79) - CVE-2023-38569\r\n  * Path traversal (CWE-22) - CVE-2023-39448\r\n\r\nCVE-2023-36492, CVE-2023-38569\r\nTaiga Shirakura of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-39448\r\nMasashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000088.html",
      "sec:cpe": {
        "#text": "cpe:/a:ss-proj:shirasagi",
        "@product": "SHIRASAGI",
        "@vendor": "SHIRASAGI Project",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "4.0",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2023-000088",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN82758000/index.html",
          "@id": "JVN#82758000",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-36492",
          "@id": "CVE-2023-36492",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-38569",
          "@id": "CVE-2023-38569",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-39448",
          "@id": "CVE-2023-39448",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-36492",
          "@id": "CVE-2023-36492",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-38569",
          "@id": "CVE-2023-38569",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39448",
          "@id": "CVE-2023-39448",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-22",
          "@title": "Path Traversal(CWE-22)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "Multiple vulnerabilities in SHIRASAGI"
    }

    JVNDB-2023-000018

    Vulnerability from jvndb - Published: 2023-02-22 15:16 +09:00 - Updated: 2024-06-10 17:18 +09:00
    Severity
    Summary
    Multiple cross-site scripting vulnerabilities in SHIRASAGI
    Details
    SHIRASAGI provided by SHIRASAGI Project contains multiple vulnerabilities listed below.
    • Stored cross-site scripting vulnerability on Schedule function (CWE-79) - CVE-2023-22425
    • Stored cross-site scripting vulnerability on Theme switching function (CWE-79) - CVE-2023-22427
    CVE-2023-22425: Ren Toda of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    CVE-2023-22427: SHIRASAGI Project reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.
    Impacted products

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000018.html",
      "dc:date": "2024-06-10T17:18+09:00",
      "dcterms:issued": "2023-02-22T15:16+09:00",
      "dcterms:modified": "2024-06-10T17:18+09:00",
      "description": "SHIRASAGI provided by SHIRASAGI Project contains multiple vulnerabilities listed below.\r\n\r\n  * Stored cross-site scripting vulnerability on Schedule function (CWE-79) - CVE-2023-22425\r\n  * Stored cross-site scripting vulnerability on Theme switching function (CWE-79) - CVE-2023-22427\r\n\r\nCVE-2023-22425\r\nRen Toda of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-22427\r\nSHIRASAGI Project reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.",
      "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000018.html",
      "sec:cpe": {
        "#text": "cpe:/a:ss-proj:shirasagi",
        "@product": "SHIRASAGI",
        "@vendor": "SHIRASAGI Project",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "3.5",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "5.4",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2023-000018",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN18765463/index.html",
          "@id": "JVN#18765463",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-22425",
          "@id": "CVE-2023-22425",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-22427",
          "@id": "CVE-2023-22427",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22425",
          "@id": "CVE-2023-22425",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22427",
          "@id": "CVE-2023-22427",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "Multiple cross-site scripting vulnerabilities in SHIRASAGI"
    }

    JVNDB-2022-000083

    Vulnerability from jvndb - Published: 2022-10-25 15:10 +09:00 - Updated: 2024-06-05 16:06 +09:00
    Severity
    Summary
    Multiple vulnerabilities in SHIRASAGI
    Details
    SHIRASAGI provided by SHIRASAGI Project contains multiple vulnerabilities listed below.
    • Open Redirect (CWE-601) - CVE-2022-43479
    • Stored Cross-site Scripting (CWE-79) - CVE-2022-43499
    SHIGA TAKUMA of BroadBand Security, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000083.html",
      "dc:date": "2024-06-05T16:06+09:00",
      "dcterms:issued": "2022-10-25T15:10+09:00",
      "dcterms:modified": "2024-06-05T16:06+09:00",
      "description": "SHIRASAGI provided by SHIRASAGI Project contains multiple vulnerabilities listed below.\r\n\u003cul\u003e\r\n\u003cli\u003eOpen Redirect (CWE-601) - CVE-2022-43479\r\n\u003cli\u003eStored Cross-site Scripting (CWE-79) - CVE-2022-43499\u003c/ul\u003e\r\nSHIGA TAKUMA of BroadBand Security, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000083.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:ss-proj:shirasagi",
          "@product": "SHIRASAGI",
          "@vendor": "SHIRASAGI Project",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:ss-proj:shirasagi",
          "@product": "SHIRASAGI",
          "@vendor": "SHIRASAGI Project",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "4.7",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2022-000083",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN86350682/index.html",
          "@id": "JVN#86350682",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2022-43479",
          "@id": "CVE-2022-43479",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2022-43499",
          "@id": "CVE-2022-43499",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-43479",
          "@id": "CVE-2022-43479",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-43499",
          "@id": "CVE-2022-43499",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Multiple vulnerabilities in SHIRASAGI"
    }

    JVNDB-2022-000043

    Vulnerability from jvndb - Published: 2022-06-09 13:31 +09:00 - Updated: 2024-06-18 11:13 +09:00
    Severity
    Summary
    SHIRASAGI vulnerable to cross-site scripting
    Details
    SHIRASAGI provided by SHIRASAGI Project contains a cross-site scripting vulnerability (CWE-79). hibiki moriyama of STNet, Incorporated reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000043.html",
      "dc:date": "2024-06-18T11:13+09:00",
      "dcterms:issued": "2022-06-09T13:31+09:00",
      "dcterms:modified": "2024-06-18T11:13+09:00",
      "description": "SHIRASAGI provided by SHIRASAGI Project contains a cross-site scripting vulnerability (CWE-79).\r\n\r\nhibiki moriyama of STNet, Incorporated reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000043.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:ss-proj:shirasagi",
          "@product": "SHIRASAGI",
          "@vendor": "SHIRASAGI Project",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:ss-proj:shirasagi",
          "@product": "SHIRASAGI",
          "@vendor": "SHIRASAGI Project",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "6.1",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2022-000043",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN32962443/index.html",
          "@id": "JVN#32962443",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2022-29485",
          "@id": "CVE-2022-29485",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29485",
          "@id": "CVE-2022-29485",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "SHIRASAGI vulnerable to cross-site scripting"
    }

    JVNDB-2020-000045

    Vulnerability from jvndb - Published: 2020-07-09 15:08 +09:00 - Updated: 2020-07-09 15:08 +09:00
    Severity
    Summary
    SHIRASAGI vulnerable to open redirect
    Details
    SHIRASAGI provided by SHIRASAGI Project contains an open redirect vulnerability (CWE-601). Ryoya Koyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000045.html",
      "dc:date": "2020-07-09T15:08+09:00",
      "dcterms:issued": "2020-07-09T15:08+09:00",
      "dcterms:modified": "2020-07-09T15:08+09:00",
      "description": "SHIRASAGI provided by SHIRASAGI Project contains an open redirect vulnerability (CWE-601).\r\n\r\nRyoya Koyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000045.html",
      "sec:cpe": {
        "#text": "cpe:/a:ss-proj:shirasagi",
        "@product": "SHIRASAGI",
        "@vendor": "SHIRASAGI Project",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "4.7",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2020-000045",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN55657988/index.html",
          "@id": "JVN#55657988",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5607",
          "@id": "CVE-2020-5607",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5607",
          "@id": "CVE-2020-5607",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-20",
          "@title": "Improper Input Validation(CWE-20)"
        }
      ],
      "title": "SHIRASAGI vulnerable to open redirect"
    }

    JVNDB-2019-000057

    Vulnerability from jvndb - Published: 2019-09-10 13:56 +09:00 - Updated: 2019-09-10 13:56 +09:00
    Severity
    Summary
    SHIRASAGI vulnerable to open redirect
    Details
    SHIRASAGI provided by SHIRASAGI Project contains an open redirect vulnerability (CWE-601). Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000057.html",
      "dc:date": "2019-09-10T13:56+09:00",
      "dcterms:issued": "2019-09-10T13:56+09:00",
      "dcterms:modified": "2019-09-10T13:56+09:00",
      "description": "SHIRASAGI provided by SHIRASAGI Project contains an open redirect vulnerability (CWE-601).\r\n\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000057.html",
      "sec:cpe": {
        "#text": "cpe:/a:ss-proj:shirasagi",
        "@product": "SHIRASAGI",
        "@vendor": "SHIRASAGI Project",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "4.7",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2019-000057",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN74699196/index.html",
          "@id": "JVN#74699196",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6009",
          "@id": "CVE-2019-6009",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-6009",
          "@id": "CVE-2019-6009",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-20",
          "@title": "Improper Input Validation(CWE-20)"
        }
      ],
      "title": "SHIRASAGI vulnerable to open redirect"
    }

    CVE-2024-46898 (GCVE-0-2024-46898)

    Vulnerability from nvd – Published: 2024-10-15 06:10 UTC – Updated: 2024-10-23 04:58 UTC
    VLAI
    Summary
    SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved when processing crafted HTTP requests.
    SSVC
    Exploitation: none; Automatable: yes; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper limitation of a pathname to a restricted directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor | Product | Version
    SHIRASAGI Project | SHIRASAGI | Affected: prior to v1.19.1
    ss-proj | shirasagi | Affected: 0, < 1.19.1 (custom)
        cpe:2.3:a:ss-proj:shirasagi:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ss-proj:shirasagi:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "shirasagi",
                "vendor": "ss-proj",
                "versions": [
                  {
                    "lessThan": "1.19.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-46898",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T13:46:04.867617Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-15T13:48:49.696Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SHIRASAGI",
              "vendor": "SHIRASAGI Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to v1.19.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved when processing crafted HTTP requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-23T04:58:28.816Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://github.com/shirasagi/shirasagi/commit/5ac4685d7e4330f949f13219069107fc5d768934"
            },
            {
              "url": "https://www.ss-proj.org/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN58721679/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-46898",
        "datePublished": "2024-10-15T06:10:30.968Z",
        "dateReserved": "2024-10-04T06:36:35.246Z",
        "dateUpdated": "2024-10-23T04:58:28.816Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38569 (GCVE-0-2023-38569)

    Vulnerability from nvd – Published: 2023-09-05 09:10 UTC – Updated: 2024-09-30 17:26 UTC
    VLAI
    Summary
    Stored cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Cross-site scripting (XSS)
    Assigner
    Impacted products
    Vendor | Product | Version
    SHIRASAGI Project | SHIRASAGI | Affected: prior to v1.18.0

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:46:56.462Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ss-proj.org/support/954.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN82758000/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38569",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-30T17:26:03.643737Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-30T17:26:17.223Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SHIRASAGI ",
              "vendor": "SHIRASAGI Project ",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to v1.18.0 "
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting (XSS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-05T09:10:17.838Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.ss-proj.org/support/954.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN82758000/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-38569",
        "datePublished": "2023-09-05T09:10:17.838Z",
        "dateReserved": "2023-08-09T02:20:28.470Z",
        "dateUpdated": "2024-09-30T17:26:17.223Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36492 (GCVE-0-2023-36492)

    Vulnerability from nvd – Published: 2023-09-05 09:09 UTC – Updated: 2024-09-30 17:26 UTC
    VLAI
    Summary
    Reflected cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Cross-site scripting (XSS)
    Assigner
    Impacted products
    Vendor | Product | Version
    SHIRASAGI Project | SHIRASAGI | Affected: prior to v1.18.0

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:45:56.823Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ss-proj.org/support/954.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN82758000/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36492",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-30T17:26:46.999024Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-30T17:26:59.102Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SHIRASAGI",
              "vendor": "SHIRASAGI Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to v1.18.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Reflected cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting (XSS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-05T09:09:44.818Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.ss-proj.org/support/954.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN82758000/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-36492",
        "datePublished": "2023-09-05T09:09:44.818Z",
        "dateReserved": "2023-08-09T02:20:29.499Z",
        "dateUpdated": "2024-09-30T17:26:59.102Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39448 (GCVE-0-2023-39448)

    Vulnerability from nvd – Published: 2023-09-05 08:28 – Updated: 2024-09-30 15:46
    Summary
    Path traversal vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to alter or create arbitrary files on the server, resulting in arbitrary code execution.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Path traversal
    Assigner
    Impacted products
    Vendor Product Version
    SHIRASAGI Project SHIRASAGI Affected: prior to v1.18.0

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:10:20.787Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ss-proj.org/support/954.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN82758000/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39448",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-30T15:45:48.298745Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-30T15:46:01.328Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SHIRASAGI",
              "vendor": "SHIRASAGI Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to v1.18.0 "
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Path traversal vulnerability in SHIRASAGI prior to v1.18.0  allows a remote authenticated attacker to alter or create arbitrary files on the server, resulting in arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Path traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-05T08:28:06.883Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.ss-proj.org/support/954.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN82758000/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-39448",
        "datePublished": "2023-09-05T08:28:06.883Z",
        "dateReserved": "2023-08-09T02:20:27.425Z",
        "dateUpdated": "2024-09-30T15:46:01.328Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22427 (GCVE-0-2023-22427)

    Vulnerability from nvd – Published: 2023-02-24 00:00 – Updated: 2025-03-12 15:20
    Summary
    Stored cross-site scripting vulnerability in Theme switching function of SHIRASAGI v1.16.2 and earlier versions allows a remote attacker with an administrative privilege to inject an arbitrary script.
    SSVC
    Exploitation: poc; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Cross-site scripting
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    SHIRASAGI Project SHIRASAGI Affected: v1.16.2 and earlier versions

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:07:06.532Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ss-proj.org/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/shirasagi/shirasagi"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ss-proj.org/support/938.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN18765463/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "HIGH",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22427",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-12T15:19:54.606769Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-12T15:20:36.105Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SHIRASAGI",
              "vendor": "SHIRASAGI Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.16.2 and earlier versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored cross-site scripting vulnerability in Theme switching function of SHIRASAGI v1.16.2 and earlier versions allows a remote attacker with an administrative privilege to inject an arbitrary script."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-24T00:00:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.ss-proj.org/"
            },
            {
              "url": "https://github.com/shirasagi/shirasagi"
            },
            {
              "url": "https://www.ss-proj.org/support/938.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN18765463/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-22427",
        "datePublished": "2023-02-24T00:00:00.000Z",
        "dateReserved": "2022-12-28T00:00:00.000Z",
        "dateUpdated": "2025-03-12T15:20:36.105Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22425 (GCVE-0-2023-22425)

    Vulnerability from nvd – Published: 2023-02-24 00:00 – Updated: 2025-03-12 15:24
    Summary
    Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script.
    SSVC
    Exploitation: poc; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Cross-site scripting
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    SHIRASAGI Project SHIRASAGI Affected: v1.16.2 and earlier versions

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:07:06.693Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ss-proj.org/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/shirasagi/shirasagi"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ss-proj.org/support/938.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN18765463/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22425",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-12T15:23:25.999884Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-12T15:24:07.349Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SHIRASAGI",
              "vendor": "SHIRASAGI Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.16.2 and earlier versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-24T00:00:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.ss-proj.org/"
            },
            {
              "url": "https://github.com/shirasagi/shirasagi"
            },
            {
              "url": "https://www.ss-proj.org/support/938.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN18765463/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-22425",
        "datePublished": "2023-02-24T00:00:00.000Z",
        "dateReserved": "2022-12-28T00:00:00.000Z",
        "dateUpdated": "2025-03-12T15:24:07.349Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-43499 (GCVE-0-2022-43499)

    Vulnerability from nvd – Published: 2022-12-05 00:00 – Updated: 2025-04-24 14:08
    Summary
    Stored cross-site scripting vulnerability in SHIRASAGI versions prior to v1.16.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.
    SSVC
    Exploitation: poc; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Cross-site scripting
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    SHIRASAGI Project SHIRASAGI Affected: versions prior to v1.16.2

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:32:59.642Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ss-proj.org/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/shirasagi/shirasagi"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ss-proj.org/support/928.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN86350682/index.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-43499",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-24T14:08:18.235277Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-24T14:08:54.850Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SHIRASAGI",
              "vendor": "SHIRASAGI Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to v1.16.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored cross-site scripting vulnerability in SHIRASAGI versions prior to v1.16.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-05T00:00:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.ss-proj.org/"
            },
            {
              "url": "https://github.com/shirasagi/shirasagi"
            },
            {
              "url": "https://www.ss-proj.org/support/928.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN86350682/index.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-43499",
        "datePublished": "2022-12-05T00:00:00.000Z",
        "dateReserved": "2022-10-20T00:00:00.000Z",
        "dateUpdated": "2025-04-24T14:08:54.850Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-43479 (GCVE-0-2022-43479)

    Vulnerability from nvd – Published: 2022-12-05 00:00 – Updated: 2025-04-24 14:14
    Summary
    Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a remote unauthenticated attacker to redirect users to an arbitrary web site and conduct a phishing attack.
    SSVC
    Exploitation: poc; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Open Redirect
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    Impacted products
    Vendor Product Version
    SHIRASAGI Project SHIRASAGI Affected: v1.14.4 to v1.15.0

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:32:59.532Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ss-proj.org/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/shirasagi/shirasagi"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ss-proj.org/support/928.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN86350682/index.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.1,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-43479",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-24T14:14:00.367331Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-601",
                    "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-24T14:14:26.052Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SHIRASAGI",
              "vendor": "SHIRASAGI Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.14.4 to v1.15.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a remote unauthenticated attacker to redirect users to an arbitrary web site and conduct a phishing attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Open Redirect",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-05T00:00:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.ss-proj.org/"
            },
            {
              "url": "https://github.com/shirasagi/shirasagi"
            },
            {
              "url": "https://www.ss-proj.org/support/928.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN86350682/index.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-43479",
        "datePublished": "2022-12-05T00:00:00.000Z",
        "dateReserved": "2022-10-20T00:00:00.000Z",
        "dateUpdated": "2025-04-24T14:14:26.052Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-29485 (GCVE-0-2022-29485)

    Vulnerability from nvd – Published: 2022-06-14 07:05 – Updated: 2024-08-03 06:26
    Summary
    Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    SHIRASAGI Project SHIRASAGI Affected: v1.0.0 to v1.14.2, and v1.15.0

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:26:05.835Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ss-proj.org/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/shirasagi/shirasagi"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ss-proj.org/support/843.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN32962443/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SHIRASAGI",
              "vendor": "SHIRASAGI Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.0.0 to v1.14.2, and v1.15.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-14T07:05:39.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ss-proj.org/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/shirasagi/shirasagi"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ss-proj.org/support/843.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN32962443/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-29485",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SHIRASAGI",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v1.0.0 to v1.14.2, and v1.15.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SHIRASAGI Project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ss-proj.org/",
                  "refsource": "MISC",
                  "url": "https://www.ss-proj.org/"
                },
                {
                  "name": "https://github.com/shirasagi/shirasagi",
                  "refsource": "MISC",
                  "url": "https://github.com/shirasagi/shirasagi"
                },
                {
                  "name": "https://www.ss-proj.org/support/843.html",
                  "refsource": "MISC",
                  "url": "https://www.ss-proj.org/support/843.html"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN32962443/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN32962443/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-29485",
        "datePublished": "2022-06-14T07:05:39.000Z",
        "dateReserved": "2022-05-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:26:05.835Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5607 (GCVE-0-2020-5607)

    Vulnerability from nvd – Published: 2020-07-10 01:30 – Updated: 2024-08-04 08:30
    VLAI
    Summary
    Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Open Redirect
    Assigner
    Impacted products
    Vendor Product Version
    SHIRASAGI Project SHIRASAGI Affected: v1.13.1 and earlier

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:30:24.618Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ss-proj.org/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/shirasagi/shirasagi"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a.patch"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN55657988/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SHIRASAGI",
              "vendor": "SHIRASAGI Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.13.1 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Open Redirect",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-10T01:30:18.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ss-proj.org/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/shirasagi/shirasagi"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a.patch"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN55657988/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2020-5607",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SHIRASAGI",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v1.13.1 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SHIRASAGI Project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Open Redirect"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ss-proj.org/",
                  "refsource": "MISC",
                  "url": "https://www.ss-proj.org/"
                },
                {
                  "name": "https://github.com/shirasagi/shirasagi",
                  "refsource": "MISC",
                  "url": "https://github.com/shirasagi/shirasagi"
                },
                {
                  "name": "https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a",
                  "refsource": "MISC",
                  "url": "https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a"
                },
                {
                  "name": "https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a.patch",
                  "refsource": "MISC",
                  "url": "https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a.patch"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN55657988/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN55657988/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2020-5607",
        "datePublished": "2020-07-10T01:30:18.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:30:24.618Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6009 (GCVE-0-2019-6009)

    Vulnerability from nvd – Published: 2019-09-12 15:58 – Updated: 2024-08-04 20:09
    VLAI
    Summary
    Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Open Redirect
    Assigner
    Impacted products
    Vendor Product Version
    SHIRASAGI Project SHIRASAGI Affected: v1.7.0 and earlier

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:09:23.960Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ss-proj.org/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/shirasagi/shirasagi"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/shirasagi/shirasagi/commit/6016948ea535e51b16535888af13df064a1a15d3"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/shirasagi/shirasagi/commit/6016948ea535e51b16535888af13df064a1a15d3.patch"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN74699196/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SHIRASAGI",
              "vendor": "SHIRASAGI Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.7.0 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Open Redirect",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-12T15:58:55.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ss-proj.org/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/shirasagi/shirasagi"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/shirasagi/shirasagi/commit/6016948ea535e51b16535888af13df064a1a15d3"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/shirasagi/shirasagi/commit/6016948ea535e51b16535888af13df064a1a15d3.patch"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://jvn.jp/en/jp/JVN74699196/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2019-6009",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SHIRASAGI",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v1.7.0 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SHIRASAGI Project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Open Redirect"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ss-proj.org/",
                  "refsource": "MISC",
                  "url": "https://www.ss-proj.org/"
                },
                {
                  "name": "https://github.com/shirasagi/shirasagi",
                  "refsource": "MISC",
                  "url": "https://github.com/shirasagi/shirasagi"
                },
                {
                  "name": "https://github.com/shirasagi/shirasagi/commit/6016948ea535e51b16535888af13df064a1a15d3",
                  "refsource": "MISC",
                  "url": "https://github.com/shirasagi/shirasagi/commit/6016948ea535e51b16535888af13df064a1a15d3"
                },
                {
                  "name": "https://github.com/shirasagi/shirasagi/commit/6016948ea535e51b16535888af13df064a1a15d3.patch",
                  "refsource": "MISC",
                  "url": "https://github.com/shirasagi/shirasagi/commit/6016948ea535e51b16535888af13df064a1a15d3.patch"
                },
                {
                  "name": "http://jvn.jp/en/jp/JVN74699196/index.html",
                  "refsource": "MISC",
                  "url": "http://jvn.jp/en/jp/JVN74699196/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2019-6009",
        "datePublished": "2019-09-12T15:58:55.000Z",
        "dateReserved": "2019-01-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:09:23.960Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-46898 (GCVE-0-2024-46898)

    Vulnerability from cvelistv5 – Published: 2024-10-15 06:10 – Updated: 2024-10-23 04:58
    VLAI
    Summary
    SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved when processing crafted HTTP requests.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper limitation of a pathname to a restricted directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    SHIRASAGI Project SHIRASAGI Affected: prior to v1.19.1
    ss-proj shirasagi Affected: 0, < 1.19.1 (custom)
        cpe:2.3:a:ss-proj:shirasagi:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ss-proj:shirasagi:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "shirasagi",
                "vendor": "ss-proj",
                "versions": [
                  {
                    "lessThan": "1.19.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-46898",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T13:46:04.867617Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-15T13:48:49.696Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SHIRASAGI",
              "vendor": "SHIRASAGI Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to v1.19.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved when processing crafted HTTP requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-23T04:58:28.816Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://github.com/shirasagi/shirasagi/commit/5ac4685d7e4330f949f13219069107fc5d768934"
            },
            {
              "url": "https://www.ss-proj.org/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN58721679/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-46898",
        "datePublished": "2024-10-15T06:10:30.968Z",
        "dateReserved": "2024-10-04T06:36:35.246Z",
        "dateUpdated": "2024-10-23T04:58:28.816Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38569 (GCVE-0-2023-38569)

    Vulnerability from cvelistv5 – Published: 2023-09-05 09:10 – Updated: 2024-09-30 17:26
    VLAI
    Summary
    Stored cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Cross-site scripting (XSS)
    Assigner
    Impacted products
    Vendor Product Version
    SHIRASAGI Project SHIRASAGI Affected: prior to v1.18.0

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:46:56.462Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ss-proj.org/support/954.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN82758000/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38569",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-30T17:26:03.643737Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-30T17:26:17.223Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SHIRASAGI ",
              "vendor": "SHIRASAGI Project ",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to v1.18.0 "
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting (XSS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-05T09:10:17.838Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.ss-proj.org/support/954.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN82758000/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-38569",
        "datePublished": "2023-09-05T09:10:17.838Z",
        "dateReserved": "2023-08-09T02:20:28.470Z",
        "dateUpdated": "2024-09-30T17:26:17.223Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36492 (GCVE-0-2023-36492)

    Vulnerability from cvelistv5 – Published: 2023-09-05 09:09 – Updated: 2024-09-30 17:26
    VLAI
    Summary
    Reflected cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Cross-site scripting (XSS)
    Assigner
    Impacted products
    Vendor Product Version
    SHIRASAGI Project SHIRASAGI Affected: prior to v1.18.0

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:45:56.823Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ss-proj.org/support/954.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN82758000/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36492",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-30T17:26:46.999024Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-30T17:26:59.102Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SHIRASAGI",
              "vendor": "SHIRASAGI Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to v1.18.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Reflected cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting (XSS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-05T09:09:44.818Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.ss-proj.org/support/954.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN82758000/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-36492",
        "datePublished": "2023-09-05T09:09:44.818Z",
        "dateReserved": "2023-08-09T02:20:29.499Z",
        "dateUpdated": "2024-09-30T17:26:59.102Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39448 (GCVE-0-2023-39448)

    Vulnerability from cvelistv5 – Published: 2023-09-05 08:28 – Updated: 2024-09-30 15:46
    VLAI
    Summary
    Path traversal vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to alter or create arbitrary files on the server, resulting in arbitrary code execution.
    Severity
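    No CVSS data available. The absence of a score is not an indication of low severity: the summary describes arbitrary code execution, and the SSVC entry below rates Technical Impact as total.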
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Path traversal
    Assigner
    Impacted products
    Vendor Product Version
    SHIRASAGI Project SHIRASAGI Affected: prior to v1.18.0

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:10:20.787Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ss-proj.org/support/954.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN82758000/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39448",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-30T15:45:48.298745Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-30T15:46:01.328Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SHIRASAGI",
              "vendor": "SHIRASAGI Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to v1.18.0 "
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Path traversal vulnerability in SHIRASAGI prior to v1.18.0  allows a remote authenticated attacker to alter or create arbitrary files on the server, resulting in arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Path traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-05T08:28:06.883Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.ss-proj.org/support/954.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN82758000/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-39448",
        "datePublished": "2023-09-05T08:28:06.883Z",
        "dateReserved": "2023-08-09T02:20:27.425Z",
        "dateUpdated": "2024-09-30T15:46:01.328Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22425 (GCVE-0-2023-22425)

    Vulnerability from cvelistv5 – Published: 2023-02-24 00:00 – Updated: 2025-03-12 15:24
    VLAI
    Summary
    Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Cross-site scripting
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    SHIRASAGI Project SHIRASAGI Affected: v1.16.2 and earlier versions

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:07:06.693Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ss-proj.org/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/shirasagi/shirasagi"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ss-proj.org/support/938.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN18765463/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22425",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-12T15:23:25.999884Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-12T15:24:07.349Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SHIRASAGI",
              "vendor": "SHIRASAGI Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.16.2 and earlier versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-24T00:00:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.ss-proj.org/"
            },
            {
              "url": "https://github.com/shirasagi/shirasagi"
            },
            {
              "url": "https://www.ss-proj.org/support/938.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN18765463/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-22425",
        "datePublished": "2023-02-24T00:00:00.000Z",
        "dateReserved": "2022-12-28T00:00:00.000Z",
        "dateUpdated": "2025-03-12T15:24:07.349Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22427 (GCVE-0-2023-22427)

    Vulnerability from cvelistv5 – Published: 2023-02-24 00:00 – Updated: 2025-03-12 15:20
    VLAI
    Summary
    Stored cross-site scripting vulnerability in Theme switching function of SHIRASAGI v1.16.2 and earlier versions allows a remote attacker with an administrative privilege to inject an arbitrary script.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Cross-site scripting
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    SHIRASAGI Project SHIRASAGI Affected: v1.16.2 and earlier versions

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:07:06.532Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ss-proj.org/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/shirasagi/shirasagi"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ss-proj.org/support/938.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN18765463/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "HIGH",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22427",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-12T15:19:54.606769Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-12T15:20:36.105Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SHIRASAGI",
              "vendor": "SHIRASAGI Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.16.2 and earlier versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored cross-site scripting vulnerability in Theme switching function of SHIRASAGI v1.16.2 and earlier versions allows a remote attacker with an administrative privilege to inject an arbitrary script."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-24T00:00:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.ss-proj.org/"
            },
            {
              "url": "https://github.com/shirasagi/shirasagi"
            },
            {
              "url": "https://www.ss-proj.org/support/938.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN18765463/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-22427",
        "datePublished": "2023-02-24T00:00:00.000Z",
        "dateReserved": "2022-12-28T00:00:00.000Z",
        "dateUpdated": "2025-03-12T15:20:36.105Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-43479 (GCVE-0-2022-43479)

    Vulnerability from cvelistv5 – Published: 2022-12-05 00:00 – Updated: 2025-04-24 14:14
    VLAI
    Summary
    Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a remote unauthenticated attacker to redirect users to an arbitrary web site and conduct a phishing attack.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Open Redirect
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    Impacted products
    Vendor Product Version
    SHIRASAGI Project SHIRASAGI Affected: v1.14.4 to v1.15.0

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:32:59.532Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ss-proj.org/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/shirasagi/shirasagi"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ss-proj.org/support/928.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN86350682/index.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.1,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-43479",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-24T14:14:00.367331Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-601",
                    "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-24T14:14:26.052Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SHIRASAGI",
              "vendor": "SHIRASAGI Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.14.4 to v1.15.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a remote unauthenticated attacker to redirect users to an arbitrary web site and conduct a phishing attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Open Redirect",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-05T00:00:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.ss-proj.org/"
            },
            {
              "url": "https://github.com/shirasagi/shirasagi"
            },
            {
              "url": "https://www.ss-proj.org/support/928.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN86350682/index.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-43479",
        "datePublished": "2022-12-05T00:00:00.000Z",
        "dateReserved": "2022-10-20T00:00:00.000Z",
        "dateUpdated": "2025-04-24T14:14:26.052Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-43499 (GCVE-0-2022-43499)

    Vulnerability from cvelistv5 – Published: 2022-12-05 00:00 – Updated: 2025-04-24 14:08
    VLAI
    Summary
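    Stored cross-site scripting vulnerability in SHIRASAGI versions prior to v1.16.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. Note: the CISA-ADP CVSS vector in the record below uses PR:L (low privileges), which does not match the administrative privilege stated here; the otherwise identical vector with PR:H, as recorded for CVE-2023-22427 above, scores 4.8 rather than 5.4. Confirm the required privilege against the vendor advisory before prioritising.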
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Cross-site scripting
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    SHIRASAGI Project SHIRASAGI Affected: versions prior to v1.16.2

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:32:59.642Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ss-proj.org/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/shirasagi/shirasagi"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ss-proj.org/support/928.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN86350682/index.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-43499",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-24T14:08:18.235277Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-24T14:08:54.850Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SHIRASAGI",
              "vendor": "SHIRASAGI Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to v1.16.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored cross-site scripting vulnerability in SHIRASAGI versions prior to v1.16.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-05T00:00:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.ss-proj.org/"
            },
            {
              "url": "https://github.com/shirasagi/shirasagi"
            },
            {
              "url": "https://www.ss-proj.org/support/928.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN86350682/index.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-43499",
        "datePublished": "2022-12-05T00:00:00.000Z",
        "dateReserved": "2022-10-20T00:00:00.000Z",
        "dateUpdated": "2025-04-24T14:08:54.850Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-29485 (GCVE-0-2022-29485)

    Vulnerability from cvelistv5 – Published: 2022-06-14 07:05 – Updated: 2024-08-03 06:26
    VLAI
    Summary
    Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    SHIRASAGI Project SHIRASAGI Affected: v1.0.0 to v1.14.2, and v1.15.0

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:26:05.835Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ss-proj.org/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/shirasagi/shirasagi"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ss-proj.org/support/843.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN32962443/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SHIRASAGI",
              "vendor": "SHIRASAGI Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.0.0 to v1.14.2, and v1.15.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-14T07:05:39.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ss-proj.org/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/shirasagi/shirasagi"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ss-proj.org/support/843.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN32962443/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-29485",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SHIRASAGI",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v1.0.0 to v1.14.2, and v1.15.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SHIRASAGI Project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ss-proj.org/",
                  "refsource": "MISC",
                  "url": "https://www.ss-proj.org/"
                },
                {
                  "name": "https://github.com/shirasagi/shirasagi",
                  "refsource": "MISC",
                  "url": "https://github.com/shirasagi/shirasagi"
                },
                {
                  "name": "https://www.ss-proj.org/support/843.html",
                  "refsource": "MISC",
                  "url": "https://www.ss-proj.org/support/843.html"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN32962443/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN32962443/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-29485",
        "datePublished": "2022-06-14T07:05:39.000Z",
        "dateReserved": "2022-05-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:26:05.835Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5607 (GCVE-0-2020-5607)

    Vulnerability from cvelistv5 – Published: 2020-07-10 01:30 – Updated: 2024-08-04 08:30
    Summary
    Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Open Redirect
    Assigner
    Impacted products
    Vendor: SHIRASAGI Project; Product: SHIRASAGI; Version: Affected: v1.13.1 and earlier

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:30:24.618Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ss-proj.org/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/shirasagi/shirasagi"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a.patch"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN55657988/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SHIRASAGI",
              "vendor": "SHIRASAGI Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.13.1 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Open Redirect",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-10T01:30:18.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ss-proj.org/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/shirasagi/shirasagi"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a.patch"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN55657988/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2020-5607",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SHIRASAGI",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v1.13.1 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SHIRASAGI Project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Open Redirect"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ss-proj.org/",
                  "refsource": "MISC",
                  "url": "https://www.ss-proj.org/"
                },
                {
                  "name": "https://github.com/shirasagi/shirasagi",
                  "refsource": "MISC",
                  "url": "https://github.com/shirasagi/shirasagi"
                },
                {
                  "name": "https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a",
                  "refsource": "MISC",
                  "url": "https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a"
                },
                {
                  "name": "https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a.patch",
                  "refsource": "MISC",
                  "url": "https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a.patch"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN55657988/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN55657988/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2020-5607",
        "datePublished": "2020-07-10T01:30:18.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:30:24.618Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6009 (GCVE-0-2019-6009)

    Vulnerability from cvelistv5 – Published: 2019-09-12 15:58 – Updated: 2024-08-04 20:09
    Summary
    Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Open Redirect
    Assigner
    Impacted products
    Vendor: SHIRASAGI Project; Product: SHIRASAGI; Version: Affected: v1.7.0 and earlier

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:09:23.960Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ss-proj.org/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/shirasagi/shirasagi"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/shirasagi/shirasagi/commit/6016948ea535e51b16535888af13df064a1a15d3"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/shirasagi/shirasagi/commit/6016948ea535e51b16535888af13df064a1a15d3.patch"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN74699196/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SHIRASAGI",
              "vendor": "SHIRASAGI Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.7.0 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Open Redirect",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-12T15:58:55.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ss-proj.org/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/shirasagi/shirasagi"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/shirasagi/shirasagi/commit/6016948ea535e51b16535888af13df064a1a15d3"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/shirasagi/shirasagi/commit/6016948ea535e51b16535888af13df064a1a15d3.patch"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://jvn.jp/en/jp/JVN74699196/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2019-6009",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SHIRASAGI",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v1.7.0 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SHIRASAGI Project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Open Redirect"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ss-proj.org/",
                  "refsource": "MISC",
                  "url": "https://www.ss-proj.org/"
                },
                {
                  "name": "https://github.com/shirasagi/shirasagi",
                  "refsource": "MISC",
                  "url": "https://github.com/shirasagi/shirasagi"
                },
                {
                  "name": "https://github.com/shirasagi/shirasagi/commit/6016948ea535e51b16535888af13df064a1a15d3",
                  "refsource": "MISC",
                  "url": "https://github.com/shirasagi/shirasagi/commit/6016948ea535e51b16535888af13df064a1a15d3"
                },
                {
                  "name": "https://github.com/shirasagi/shirasagi/commit/6016948ea535e51b16535888af13df064a1a15d3.patch",
                  "refsource": "MISC",
                  "url": "https://github.com/shirasagi/shirasagi/commit/6016948ea535e51b16535888af13df064a1a15d3.patch"
                },
                {
                  "name": "http://jvn.jp/en/jp/JVN74699196/index.html",
                  "refsource": "MISC",
                  "url": "http://jvn.jp/en/jp/JVN74699196/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2019-6009",
        "datePublished": "2019-09-12T15:58:55.000Z",
        "dateReserved": "2019-01-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:09:23.960Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }