Search
Find a vulnerability
Search criteria
14 vulnerabilities by SiteBridge Inc.
CVE-2023-27888 (GCVE-0-2023-27888)
Vulnerability from nvd – Published: 2023-05-10 00:00 – Updated: 2025-01-27 21:04
VLAI
Summary
Cross-site scripting vulnerability in Joruri Gw Ver 3.2.5 and earlier allows a remote authenticated attacker to inject an arbitrary script via Message Memo function of the affected product.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Cross-site scripting
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SiteBridge Inc. | Joruri Gw |
Affected:
Ver 3.2.5 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://joruri-pwm.jp/org/docs/2022093000017/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN87559956/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-27888",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T21:04:22.514043Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T21:04:26.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Joruri Gw",
"vendor": "SiteBridge Inc.",
"versions": [
{
"status": "affected",
"version": "Ver 3.2.5 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Joruri Gw Ver 3.2.5 and earlier allows a remote authenticated attacker to inject an arbitrary script via Message Memo function of the affected product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://joruri-pwm.jp/org/docs/2022093000017/"
},
{
"url": "https://jvn.jp/en/jp/JVN87559956/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-27888",
"datePublished": "2023-05-10T00:00:00.000Z",
"dateReserved": "2023-03-15T00:00:00.000Z",
"dateUpdated": "2025-01-27T21:04:26.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5967 (GCVE-0-2019-5967)
Vulnerability from nvd – Published: 2019-07-05 13:20 – Updated: 2024-08-04 20:09
VLAI
Summary
Cross-site scripting vulnerability in Joruri CMS 2017 Release2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://joruri.org/docs/2018060400058/ | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN29188908/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SiteBridge Inc. | Joruri CMS 2017 |
Affected:
Release2 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:24.037Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://joruri.org/docs/2018060400058/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN29188908/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joruri CMS 2017",
"vendor": "SiteBridge Inc.",
"versions": [
{
"status": "affected",
"version": "Release2 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Joruri CMS 2017 Release2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-05T13:20:17.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://joruri.org/docs/2018060400058/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN29188908/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joruri CMS 2017",
"version": {
"version_data": [
{
"version_value": "Release2 and earlier"
}
]
}
}
]
},
"vendor_name": "SiteBridge Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Joruri CMS 2017 Release2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://joruri.org/docs/2018060400058/",
"refsource": "MISC",
"url": "https://joruri.org/docs/2018060400058/"
},
{
"name": "https://jvn.jp/en/jp/JVN29188908/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN29188908/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5967",
"datePublished": "2019-07-05T13:20:17.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:09:24.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5966 (GCVE-0-2019-5966)
Vulnerability from nvd – Published: 2019-07-05 13:20 – Updated: 2024-08-04 20:09
VLAI
Summary
Joruri Mail 2.1.4 and earlier does not properly manage sessions, which allows remote attackers to impersonate an arbitrary user and alter/disclose the information via unspecified vectors.
Severity
No CVSS data available.
CWE
- Fails to manage sessions
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://joruri.org/docs/2018060400041/ | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN58052567/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SiteBridge Inc. | Joruri Mail |
Affected:
2.1.4 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://joruri.org/docs/2018060400041/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN58052567/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joruri Mail",
"vendor": "SiteBridge Inc.",
"versions": [
{
"status": "affected",
"version": "2.1.4 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Joruri Mail 2.1.4 and earlier does not properly manage sessions, which allows remote attackers to impersonate an arbitrary user and alter/disclose the information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to manage sessions",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-05T13:20:17.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://joruri.org/docs/2018060400041/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN58052567/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5966",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joruri Mail",
"version": {
"version_data": [
{
"version_value": "2.1.4 and earlier"
}
]
}
}
]
},
"vendor_name": "SiteBridge Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Joruri Mail 2.1.4 and earlier does not properly manage sessions, which allows remote attackers to impersonate an arbitrary user and alter/disclose the information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to manage sessions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://joruri.org/docs/2018060400041/",
"refsource": "MISC",
"url": "https://joruri.org/docs/2018060400041/"
},
{
"name": "https://jvn.jp/en/jp/JVN58052567/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN58052567/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5966",
"datePublished": "2019-07-05T13:20:17.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:09:23.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5965 (GCVE-0-2019-5965)
Vulnerability from nvd – Published: 2019-07-05 13:20 – Updated: 2024-08-04 20:09
VLAI
Summary
Open redirect vulnerability in Joruri Mail 2.1.4 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Severity
No CVSS data available.
CWE
- Open Redirect
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://joruri.org/docs/2018060400041/ | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN58052567/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SiteBridge Inc. | Joruri Mail |
Affected:
2.1.4 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.957Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://joruri.org/docs/2018060400041/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN58052567/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joruri Mail",
"vendor": "SiteBridge Inc.",
"versions": [
{
"status": "affected",
"version": "2.1.4 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Joruri Mail 2.1.4 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open Redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-05T13:20:17.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://joruri.org/docs/2018060400041/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN58052567/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5965",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joruri Mail",
"version": {
"version_data": [
{
"version_value": "2.1.4 and earlier"
}
]
}
}
]
},
"vendor_name": "SiteBridge Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in Joruri Mail 2.1.4 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://joruri.org/docs/2018060400041/",
"refsource": "MISC",
"url": "https://joruri.org/docs/2018060400041/"
},
{
"name": "https://jvn.jp/en/jp/JVN58052567/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN58052567/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5965",
"datePublished": "2019-07-05T13:20:17.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:09:23.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0568 (GCVE-0-2018-0568)
Vulnerability from nvd – Published: 2018-05-14 13:00 – Updated: 2024-08-05 03:28
VLAI
Summary
Unrestricted file upload vulnerability in SiteBridge Inc. Joruri Gw Ver 3.2.0 and earlier allows remote authenticated users to execute arbitrary PHP code via unspecified vectors.
Severity
No CVSS data available.
CWE
- Unrestricted file upload vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/joruri/joruri-gw/blob/master/d… | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN95589314/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SiteBridge Inc. | Joruri Gw |
Affected:
Joruri Gw Ver 3.2.0 and earlier
|
Date Public
2018-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/joruri/joruri-gw/blob/master/doc/INSTALL.txt"
},
{
"name": "JVN#95589314",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN95589314/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joruri Gw",
"vendor": "SiteBridge Inc.",
"versions": [
{
"status": "affected",
"version": "Joruri Gw Ver 3.2.0 and earlier"
}
]
}
],
"datePublic": "2018-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in SiteBridge Inc. Joruri Gw Ver 3.2.0 and earlier allows remote authenticated users to execute arbitrary PHP code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unrestricted file upload vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-14T12:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/joruri/joruri-gw/blob/master/doc/INSTALL.txt"
},
{
"name": "JVN#95589314",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN95589314/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joruri Gw",
"version": {
"version_data": [
{
"version_value": "Joruri Gw Ver 3.2.0 and earlier"
}
]
}
}
]
},
"vendor_name": "SiteBridge Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in SiteBridge Inc. Joruri Gw Ver 3.2.0 and earlier allows remote authenticated users to execute arbitrary PHP code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/joruri/joruri-gw/blob/master/doc/INSTALL.txt",
"refsource": "MISC",
"url": "https://github.com/joruri/joruri-gw/blob/master/doc/INSTALL.txt"
},
{
"name": "JVN#95589314",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN95589314/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0568",
"datePublished": "2018-05-14T13:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:28:11.187Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27888 (GCVE-0-2023-27888)
Vulnerability from cvelistv5 – Published: 2023-05-10 00:00 – Updated: 2025-01-27 21:04
VLAI
Summary
Cross-site scripting vulnerability in Joruri Gw Ver 3.2.5 and earlier allows a remote authenticated attacker to inject an arbitrary script via Message Memo function of the affected product.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Cross-site scripting
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SiteBridge Inc. | Joruri Gw |
Affected:
Ver 3.2.5 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://joruri-pwm.jp/org/docs/2022093000017/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN87559956/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-27888",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T21:04:22.514043Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T21:04:26.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Joruri Gw",
"vendor": "SiteBridge Inc.",
"versions": [
{
"status": "affected",
"version": "Ver 3.2.5 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Joruri Gw Ver 3.2.5 and earlier allows a remote authenticated attacker to inject an arbitrary script via Message Memo function of the affected product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://joruri-pwm.jp/org/docs/2022093000017/"
},
{
"url": "https://jvn.jp/en/jp/JVN87559956/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-27888",
"datePublished": "2023-05-10T00:00:00.000Z",
"dateReserved": "2023-03-15T00:00:00.000Z",
"dateUpdated": "2025-01-27T21:04:26.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5965 (GCVE-0-2019-5965)
Vulnerability from cvelistv5 – Published: 2019-07-05 13:20 – Updated: 2024-08-04 20:09
VLAI
Summary
Open redirect vulnerability in Joruri Mail 2.1.4 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Severity
No CVSS data available.
CWE
- Open Redirect
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://joruri.org/docs/2018060400041/ | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN58052567/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SiteBridge Inc. | Joruri Mail |
Affected:
2.1.4 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.957Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://joruri.org/docs/2018060400041/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN58052567/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joruri Mail",
"vendor": "SiteBridge Inc.",
"versions": [
{
"status": "affected",
"version": "2.1.4 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Joruri Mail 2.1.4 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open Redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-05T13:20:17.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://joruri.org/docs/2018060400041/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN58052567/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5965",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joruri Mail",
"version": {
"version_data": [
{
"version_value": "2.1.4 and earlier"
}
]
}
}
]
},
"vendor_name": "SiteBridge Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in Joruri Mail 2.1.4 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://joruri.org/docs/2018060400041/",
"refsource": "MISC",
"url": "https://joruri.org/docs/2018060400041/"
},
{
"name": "https://jvn.jp/en/jp/JVN58052567/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN58052567/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5965",
"datePublished": "2019-07-05T13:20:17.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:09:23.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5967 (GCVE-0-2019-5967)
Vulnerability from cvelistv5 – Published: 2019-07-05 13:20 – Updated: 2024-08-04 20:09
VLAI
Summary
Cross-site scripting vulnerability in Joruri CMS 2017 Release2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://joruri.org/docs/2018060400058/ | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN29188908/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SiteBridge Inc. | Joruri CMS 2017 |
Affected:
Release2 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:24.037Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://joruri.org/docs/2018060400058/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN29188908/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joruri CMS 2017",
"vendor": "SiteBridge Inc.",
"versions": [
{
"status": "affected",
"version": "Release2 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Joruri CMS 2017 Release2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-05T13:20:17.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://joruri.org/docs/2018060400058/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN29188908/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joruri CMS 2017",
"version": {
"version_data": [
{
"version_value": "Release2 and earlier"
}
]
}
}
]
},
"vendor_name": "SiteBridge Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Joruri CMS 2017 Release2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://joruri.org/docs/2018060400058/",
"refsource": "MISC",
"url": "https://joruri.org/docs/2018060400058/"
},
{
"name": "https://jvn.jp/en/jp/JVN29188908/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN29188908/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5967",
"datePublished": "2019-07-05T13:20:17.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:09:24.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5966 (GCVE-0-2019-5966)
Vulnerability from cvelistv5 – Published: 2019-07-05 13:20 – Updated: 2024-08-04 20:09
VLAI
Summary
Joruri Mail 2.1.4 and earlier does not properly manage sessions, which allows remote attackers to impersonate an arbitrary user and alter/disclose the information via unspecified vectors.
Severity
No CVSS data available.
CWE
- Fails to manage sessions
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://joruri.org/docs/2018060400041/ | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN58052567/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SiteBridge Inc. | Joruri Mail |
Affected:
2.1.4 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://joruri.org/docs/2018060400041/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN58052567/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joruri Mail",
"vendor": "SiteBridge Inc.",
"versions": [
{
"status": "affected",
"version": "2.1.4 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Joruri Mail 2.1.4 and earlier does not properly manage sessions, which allows remote attackers to impersonate an arbitrary user and alter/disclose the information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to manage sessions",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-05T13:20:17.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://joruri.org/docs/2018060400041/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN58052567/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5966",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joruri Mail",
"version": {
"version_data": [
{
"version_value": "2.1.4 and earlier"
}
]
}
}
]
},
"vendor_name": "SiteBridge Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Joruri Mail 2.1.4 and earlier does not properly manage sessions, which allows remote attackers to impersonate an arbitrary user and alter/disclose the information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to manage sessions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://joruri.org/docs/2018060400041/",
"refsource": "MISC",
"url": "https://joruri.org/docs/2018060400041/"
},
{
"name": "https://jvn.jp/en/jp/JVN58052567/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN58052567/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5966",
"datePublished": "2019-07-05T13:20:17.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:09:23.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0568 (GCVE-0-2018-0568)
Vulnerability from cvelistv5 – Published: 2018-05-14 13:00 – Updated: 2024-08-05 03:28
VLAI
Summary
Unrestricted file upload vulnerability in SiteBridge Inc. Joruri Gw Ver 3.2.0 and earlier allows remote authenticated users to execute arbitrary PHP code via unspecified vectors.
Severity
No CVSS data available.
CWE
- Unrestricted file upload vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/joruri/joruri-gw/blob/master/d… | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN95589314/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SiteBridge Inc. | Joruri Gw |
Affected:
Joruri Gw Ver 3.2.0 and earlier
|
Date Public
2018-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/joruri/joruri-gw/blob/master/doc/INSTALL.txt"
},
{
"name": "JVN#95589314",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN95589314/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joruri Gw",
"vendor": "SiteBridge Inc.",
"versions": [
{
"status": "affected",
"version": "Joruri Gw Ver 3.2.0 and earlier"
}
]
}
],
"datePublic": "2018-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in SiteBridge Inc. Joruri Gw Ver 3.2.0 and earlier allows remote authenticated users to execute arbitrary PHP code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unrestricted file upload vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-14T12:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/joruri/joruri-gw/blob/master/doc/INSTALL.txt"
},
{
"name": "JVN#95589314",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN95589314/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joruri Gw",
"version": {
"version_data": [
{
"version_value": "Joruri Gw Ver 3.2.0 and earlier"
}
]
}
}
]
},
"vendor_name": "SiteBridge Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in SiteBridge Inc. Joruri Gw Ver 3.2.0 and earlier allows remote authenticated users to execute arbitrary PHP code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/joruri/joruri-gw/blob/master/doc/INSTALL.txt",
"refsource": "MISC",
"url": "https://github.com/joruri/joruri-gw/blob/master/doc/INSTALL.txt"
},
{
"name": "JVN#95589314",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN95589314/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0568",
"datePublished": "2018-05-14T13:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:28:11.187Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2023-000037
Vulnerability from jvndb - Published: 2023-04-17 14:19 - Updated:2024-05-30 16:19
Severity
Summary
Joruri Gw vulnerable to cross-site scripting
Details
Joruri Gw provided by SiteBridge Inc. is groupware. Message Memo function of Joruri Gw contains a cross-site scripting vulnerability (CWE-79).
Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000037.html",
"dc:date": "2024-05-30T16:19+09:00",
"dcterms:issued": "2023-04-17T14:19+09:00",
"dcterms:modified": "2024-05-30T16:19+09:00",
"description": "Joruri Gw provided by SiteBridge Inc. is groupware. Message Memo function of Joruri Gw contains a cross-site scripting vulnerability (CWE-79).\r\n\r\nTsutomu Aramaki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000037.html",
"sec:cpe": {
"#text": "cpe:/a:sitebridge:joruri_gw",
"@product": "Joruri Gw",
"@vendor": "SiteBridge Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000037",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN87559956/index.html",
"@id": "JVN#87559956",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-27888",
"@id": "CVE-2023-27888",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-27888",
"@id": "CVE-2023-27888",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Joruri Gw vulnerable to cross-site scripting"
}
JVNDB-2019-000032
Vulnerability from jvndb - Published: 2019-06-07 15:09 - Updated:2019-10-02 17:53
Severity
Summary
Joruri CMS 2017 vulnerable to cross-site scripting
Details
Joruri CMS 2017 provided by SiteBridge Inc. contains a cross-site scripting vulnerability (CWE-79).
Yuji Tounai of Mercari, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000032.html",
"dc:date": "2019-10-02T17:53+09:00",
"dcterms:issued": "2019-06-07T15:09+09:00",
"dcterms:modified": "2019-10-02T17:53+09:00",
"description": "Joruri CMS 2017 provided by SiteBridge Inc. contains a cross-site scripting vulnerability (CWE-79).\r\n\r\nYuji Tounai of Mercari, Inc. reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000032.html",
"sec:cpe": {
"#text": "cpe:/a:sitebridge:joruri_cms_2017",
"@product": "Joruri CMS 2017",
"@vendor": "SiteBridge Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-000032",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN29188908/index.html",
"@id": "JVN#29188908",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5967",
"@id": "CVE-2019-5967",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5967",
"@id": "CVE-2019-5967",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Joruri CMS 2017 vulnerable to cross-site scripting"
}
JVNDB-2019-000031
Vulnerability from jvndb - Published: 2019-06-07 15:03 - Updated:2019-10-01 10:50
Severity
Summary
Multiple vulnerabilities in Joruri Mail
Details
Joruri Mail provided by SiteBridge Inc. contains multiple vulnerabilities listed below.
* Open Redirect (CWE-601) - CVE-2019-5965
* Session Management (CWE-639) - CVE-2019-5966
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000031.html",
"dc:date": "2019-10-01T10:50+09:00",
"dcterms:issued": "2019-06-07T15:03+09:00",
"dcterms:modified": "2019-10-01T10:50+09:00",
"description": "Joruri Mail provided by SiteBridge Inc. contains multiple vulnerabilities listed below.\r\n* Open Redirect (CWE-601) - CVE-2019-5965\r\n* Session Management (CWE-639) - CVE-2019-5966\r\n\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000031.html",
"sec:cpe": {
"#text": "cpe:/a:sitebridge:joruri_mail",
"@product": "Joruri Mail",
"@vendor": "SiteBridge Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-000031",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN58052567/index.html",
"@id": "JVN#58052567",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5965",
"@id": "CVE-2019-5965",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5966",
"@id": "CVE-2019-5966",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5965",
"@id": "CVE-2019-5965",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5966",
"@id": "CVE-2019-5966",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Multiple vulnerabilities in Joruri Mail"
}
JVNDB-2018-000036
Vulnerability from jvndb - Published: 2018-04-26 15:19 - Updated:2018-08-30 14:02
Severity
Summary
Joruri Gw vulnerable to arbitrary file upload
Details
Joruri Gw provided by SiteBridge Inc. is groupware which runs on Ruby on Rails. Joruri Gw contains a vulnerability that may allow an attacker to upload arbitrary files (CWE-434).
Shoji Baba of Kobe Digital Labo, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000036.html",
"dc:date": "2018-08-30T14:02+09:00",
"dcterms:issued": "2018-04-26T15:19+09:00",
"dcterms:modified": "2018-08-30T14:02+09:00",
"description": "Joruri Gw provided by SiteBridge Inc. is groupware which runs on Ruby on Rails. Joruri Gw contains a vulnerability that may allow an attacker to upload arbitrary files (CWE-434).\r\n\r\nShoji Baba of Kobe Digital Labo, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000036.html",
"sec:cpe": {
"#text": "cpe:/a:sitebridge:joruri_gw",
"@product": "Joruri Gw",
"@vendor": "SiteBridge Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000036",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN95589314/index.html",
"@id": "JVN#95589314",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0568",
"@id": "CVE-2018-0568",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0568",
"@id": "CVE-2018-0568",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Joruri Gw vulnerable to arbitrary file upload"
}