Search

Find a vulnerability

Search criteria

    10 vulnerabilities by openpne

    CVE-2024-27278 (GCVE-0-2024-27278)

    Vulnerability from nvd – Published: 2024-03-05 23:49 – Updated: 2025-03-27 14:25
    VLAI
    Summary
    OpenPNE Plugin "opTimelinePlugin" 1.2.11 and earlier contains a cross-site scripting vulnerability. On the site which uses the affected product, when a user configures the profile with some malicious contents, an arbitrary script may be executed on the web browsers of other users.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Cross-site scripting (XSS)
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-27278",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-06T19:10:15.121387Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-27T14:25:32.763Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:27:59.908Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openpne.jp/archives/13458/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN78084105/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OpenPNE Plugin \"opTimelinePlugin\"",
              "vendor": "OpenPNE Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.11 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OpenPNE Plugin \"opTimelinePlugin\" 1.2.11 and earlier contains a cross-site scripting vulnerability. On the site which uses the affected product, when a user configures the profile with some malicious contents, an arbitrary script may be executed on the web browsers of other users."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting (XSS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-05T23:49:14.943Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "http://www.openpne.jp/archives/13458/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN78084105/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-27278",
        "datePublished": "2024-03-05T23:49:14.943Z",
        "dateReserved": "2024-02-22T01:52:03.723Z",
        "dateUpdated": "2025-03-27T14:25:32.763Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-4335 (GCVE-0-2013-4335)

    Vulnerability from nvd – Published: 2020-02-07 14:06 – Updated: 2024-08-06 16:38
    VLAI
    Summary
    opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnerabilities
    Severity
    No CVSS data available.
    CWE
    • XXE
    Assigner
    Impacted products
    Vendor Product Version
    opOpenSocialPlugin opOpenSocialPlugin Affected: 0.8.2.1
    Affected: > 0.9.9.2
    Affected: 0.9.13
    Affected: 1.2.6 (Fixed: 0.8.2.2
    Affected: 0.9.9.3
    Affected: 0.9.13.1
    Affected: 1.2.6.1)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:38:02.022Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/09/11/6"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/62287"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87033"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "opOpenSocialPlugin",
              "vendor": "opOpenSocialPlugin",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.8.2.1"
                },
                {
                  "status": "affected",
                  "version": "\u003e 0.9.9.2"
                },
                {
                  "status": "affected",
                  "version": "0.9.13"
                },
                {
                  "status": "affected",
                  "version": "1.2.6 (Fixed: 0.8.2.2"
                },
                {
                  "status": "affected",
                  "version": "0.9.9.3"
                },
                {
                  "status": "affected",
                  "version": "0.9.13.1"
                },
                {
                  "status": "affected",
                  "version": "1.2.6.1)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "opOpenSocialPlugin 0.8.2.1, \u003e 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnerabilities"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XXE",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-07T14:06:16.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/09/11/6"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/62287"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87033"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2013-4335",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "opOpenSocialPlugin",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "0.8.2.1"
                              },
                              {
                                "version_value": "\u003e 0.9.9.2"
                              },
                              {
                                "version_value": "0.9.13"
                              },
                              {
                                "version_value": "1.2.6 (Fixed: 0.8.2.2"
                              },
                              {
                                "version_value": "0.9.9.3"
                              },
                              {
                                "version_value": "0.9.13.1"
                              },
                              {
                                "version_value": "1.2.6.1)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "opOpenSocialPlugin"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "opOpenSocialPlugin 0.8.2.1, \u003e 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnerabilities"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XXE"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.openwall.com/lists/oss-security/2013/09/11/6",
                  "refsource": "MISC",
                  "url": "http://www.openwall.com/lists/oss-security/2013/09/11/6"
                },
                {
                  "name": "http://www.securityfocus.com/bid/62287",
                  "refsource": "MISC",
                  "url": "http://www.securityfocus.com/bid/62287"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87033",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87033"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-4335",
        "datePublished": "2020-02-07T14:06:16.000Z",
        "dateReserved": "2013-06-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:38:02.022Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-4333 (GCVE-0-2013-4333)

    Vulnerability from nvd – Published: 2020-01-24 14:44 – Updated: 2024-08-06 16:38
    VLAI
    Summary
    OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability
    Severity
    No CVSS data available.
    CWE
    • XXE
    Assigner
    Impacted products
    Vendor Product Version
    OpenPNE OpenPNE Affected: 3.8.7
    Affected: 3.6.11
    Affected: 3.4.21.1
    Affected: 3.2.7.6
    Affected: 3.0.8.5 (Fixed: 3.8.7.1
    Affected: 3.6.11.1
    Affected: 3.4.21.2
    Affected: 3.2.7.7
    Affected: 3.0.8.6)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:38:01.887Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/62285"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87031"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/09/11/6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OpenPNE",
              "vendor": "OpenPNE",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.8.7"
                },
                {
                  "status": "affected",
                  "version": "3.6.11"
                },
                {
                  "status": "affected",
                  "version": "3.4.21.1"
                },
                {
                  "status": "affected",
                  "version": "3.2.7.6"
                },
                {
                  "status": "affected",
                  "version": "3.0.8.5 (Fixed: 3.8.7.1"
                },
                {
                  "status": "affected",
                  "version": "3.6.11.1"
                },
                {
                  "status": "affected",
                  "version": "3.4.21.2"
                },
                {
                  "status": "affected",
                  "version": "3.2.7.7"
                },
                {
                  "status": "affected",
                  "version": "3.0.8.6)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XXE",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-24T14:44:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/62285"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87031"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/09/11/6"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2013-4333",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "OpenPNE",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.8.7"
                              },
                              {
                                "version_value": "3.6.11"
                              },
                              {
                                "version_value": "3.4.21.1"
                              },
                              {
                                "version_value": "3.2.7.6"
                              },
                              {
                                "version_value": "3.0.8.5 (Fixed: 3.8.7.1"
                              },
                              {
                                "version_value": "3.6.11.1"
                              },
                              {
                                "version_value": "3.4.21.2"
                              },
                              {
                                "version_value": "3.2.7.7"
                              },
                              {
                                "version_value": "3.0.8.6)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "OpenPNE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XXE"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.securityfocus.com/bid/62285",
                  "refsource": "MISC",
                  "url": "http://www.securityfocus.com/bid/62285"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87031",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87031"
                },
                {
                  "name": "http://www.openwall.com/lists/oss-security/2013/09/11/6",
                  "refsource": "MISC",
                  "url": "http://www.openwall.com/lists/oss-security/2013/09/11/6"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-4333",
        "datePublished": "2020-01-24T14:44:01.000Z",
        "dateReserved": "2013-06-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:38:01.887Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-27278 (GCVE-0-2024-27278)

    Vulnerability from cvelistv5 – Published: 2024-03-05 23:49 – Updated: 2025-03-27 14:25
    VLAI
    Summary
    OpenPNE Plugin "opTimelinePlugin" 1.2.11 and earlier contains a cross-site scripting vulnerability. On the site which uses the affected product, when a user configures the profile with some malicious contents, an arbitrary script may be executed on the web browsers of other users.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Cross-site scripting (XSS)
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-27278",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-06T19:10:15.121387Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-27T14:25:32.763Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:27:59.908Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openpne.jp/archives/13458/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN78084105/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OpenPNE Plugin \"opTimelinePlugin\"",
              "vendor": "OpenPNE Project",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.11 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OpenPNE Plugin \"opTimelinePlugin\" 1.2.11 and earlier contains a cross-site scripting vulnerability. On the site which uses the affected product, when a user configures the profile with some malicious contents, an arbitrary script may be executed on the web browsers of other users."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting (XSS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-05T23:49:14.943Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "http://www.openpne.jp/archives/13458/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN78084105/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-27278",
        "datePublished": "2024-03-05T23:49:14.943Z",
        "dateReserved": "2024-02-22T01:52:03.723Z",
        "dateUpdated": "2025-03-27T14:25:32.763Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-4335 (GCVE-0-2013-4335)

    Vulnerability from cvelistv5 – Published: 2020-02-07 14:06 – Updated: 2024-08-06 16:38
    VLAI
    Summary
    opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnerabilities
    Severity
    No CVSS data available.
    CWE
    • XXE
    Assigner
    Impacted products
    Vendor Product Version
    opOpenSocialPlugin opOpenSocialPlugin Affected: 0.8.2.1
    Affected: > 0.9.9.2
    Affected: 0.9.13
    Affected: 1.2.6 (Fixed: 0.8.2.2
    Affected: 0.9.9.3
    Affected: 0.9.13.1
    Affected: 1.2.6.1)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:38:02.022Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/09/11/6"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/62287"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87033"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "opOpenSocialPlugin",
              "vendor": "opOpenSocialPlugin",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.8.2.1"
                },
                {
                  "status": "affected",
                  "version": "\u003e 0.9.9.2"
                },
                {
                  "status": "affected",
                  "version": "0.9.13"
                },
                {
                  "status": "affected",
                  "version": "1.2.6 (Fixed: 0.8.2.2"
                },
                {
                  "status": "affected",
                  "version": "0.9.9.3"
                },
                {
                  "status": "affected",
                  "version": "0.9.13.1"
                },
                {
                  "status": "affected",
                  "version": "1.2.6.1)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "opOpenSocialPlugin 0.8.2.1, \u003e 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnerabilities"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XXE",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-07T14:06:16.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/09/11/6"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/62287"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87033"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2013-4335",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "opOpenSocialPlugin",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "0.8.2.1"
                              },
                              {
                                "version_value": "\u003e 0.9.9.2"
                              },
                              {
                                "version_value": "0.9.13"
                              },
                              {
                                "version_value": "1.2.6 (Fixed: 0.8.2.2"
                              },
                              {
                                "version_value": "0.9.9.3"
                              },
                              {
                                "version_value": "0.9.13.1"
                              },
                              {
                                "version_value": "1.2.6.1)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "opOpenSocialPlugin"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "opOpenSocialPlugin 0.8.2.1, \u003e 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnerabilities"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XXE"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.openwall.com/lists/oss-security/2013/09/11/6",
                  "refsource": "MISC",
                  "url": "http://www.openwall.com/lists/oss-security/2013/09/11/6"
                },
                {
                  "name": "http://www.securityfocus.com/bid/62287",
                  "refsource": "MISC",
                  "url": "http://www.securityfocus.com/bid/62287"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87033",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87033"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-4335",
        "datePublished": "2020-02-07T14:06:16.000Z",
        "dateReserved": "2013-06-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:38:02.022Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-4333 (GCVE-0-2013-4333)

    Vulnerability from cvelistv5 – Published: 2020-01-24 14:44 – Updated: 2024-08-06 16:38
    VLAI
    Summary
    OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability
    Severity
    No CVSS data available.
    CWE
    • XXE
    Assigner
    Impacted products
    Vendor Product Version
    OpenPNE OpenPNE Affected: 3.8.7
    Affected: 3.6.11
    Affected: 3.4.21.1
    Affected: 3.2.7.6
    Affected: 3.0.8.5 (Fixed: 3.8.7.1
    Affected: 3.6.11.1
    Affected: 3.4.21.2
    Affected: 3.2.7.7
    Affected: 3.0.8.6)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:38:01.887Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/62285"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87031"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/09/11/6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "OpenPNE",
              "vendor": "OpenPNE",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.8.7"
                },
                {
                  "status": "affected",
                  "version": "3.6.11"
                },
                {
                  "status": "affected",
                  "version": "3.4.21.1"
                },
                {
                  "status": "affected",
                  "version": "3.2.7.6"
                },
                {
                  "status": "affected",
                  "version": "3.0.8.5 (Fixed: 3.8.7.1"
                },
                {
                  "status": "affected",
                  "version": "3.6.11.1"
                },
                {
                  "status": "affected",
                  "version": "3.4.21.2"
                },
                {
                  "status": "affected",
                  "version": "3.2.7.7"
                },
                {
                  "status": "affected",
                  "version": "3.0.8.6)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XXE",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-24T14:44:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/62285"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87031"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/09/11/6"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2013-4333",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "OpenPNE",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.8.7"
                              },
                              {
                                "version_value": "3.6.11"
                              },
                              {
                                "version_value": "3.4.21.1"
                              },
                              {
                                "version_value": "3.2.7.6"
                              },
                              {
                                "version_value": "3.0.8.5 (Fixed: 3.8.7.1"
                              },
                              {
                                "version_value": "3.6.11.1"
                              },
                              {
                                "version_value": "3.4.21.2"
                              },
                              {
                                "version_value": "3.2.7.7"
                              },
                              {
                                "version_value": "3.0.8.6)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "OpenPNE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XXE"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.securityfocus.com/bid/62285",
                  "refsource": "MISC",
                  "url": "http://www.securityfocus.com/bid/62285"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87031",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87031"
                },
                {
                  "name": "http://www.openwall.com/lists/oss-security/2013/09/11/6",
                  "refsource": "MISC",
                  "url": "http://www.openwall.com/lists/oss-security/2013/09/11/6"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-4333",
        "datePublished": "2020-01-24T14:44:01.000Z",
        "dateReserved": "2013-06-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:38:01.887Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2024-000023

    Vulnerability from jvndb - Published: 2024-02-29 13:12 - Updated:2024-02-29 13:12
    Severity
    Summary
    OpenPNE plugin "opTimelinePlugin" vulnerable to cross-site scripting
    Details
    OpenPNE plugin "opTimelinePlugin" provided by OpenPNE Project contains a stored cross-site scripting vulnerability (CWE-79) in Edit Profile page. Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000023.html",
      "dc:date": "2024-02-29T13:12+09:00",
      "dcterms:issued": "2024-02-29T13:12+09:00",
      "dcterms:modified": "2024-02-29T13:12+09:00",
      "description": "OpenPNE plugin \"opTimelinePlugin\" provided by OpenPNE Project contains a stored cross-site scripting vulnerability (CWE-79) in Edit Profile page.\r\n\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000023.html",
      "sec:cpe": {
        "#text": "cpe:/a:tejimaya:optimelineplugin",
        "@product": "opTimelinePlugin",
        "@vendor": "OpenPNE",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "3.5",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "5.4",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2024-000023",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN78084105/index.html",
          "@id": "JVN#78084105",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27278",
          "@id": "CVE-2024-27278",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "OpenPNE plugin \"opTimelinePlugin\" vulnerable to cross-site scripting"
    }

    JVNDB-2014-000009

    Vulnerability from jvndb - Published: 2014-01-24 12:36 - Updated:2014-01-28 18:02
    Severity
    N/A (UNKNOWN) - -
    Summary
    OpenPNE vulnerable to PHP Object Injection
    Details
    OpenPNE contains an issue in processing Cookie headers, which may result in a PHP Object Injection vulnerability. Egidio Romano of Secunia reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000009.html",
      "dc:date": "2014-01-28T18:02+09:00",
      "dcterms:issued": "2014-01-24T12:36+09:00",
      "dcterms:modified": "2014-01-28T18:02+09:00",
      "description": "OpenPNE contains an issue in processing Cookie headers, which may result in a PHP Object Injection vulnerability.\r\n\r\nEgidio Romano of Secunia reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000009.html",
      "sec:cpe": {
        "#text": "cpe:/a:tejimaya:openpne",
        "@product": "OpenPNE",
        "@vendor": "OpenPNE",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "6.8",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2014-000009",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN69986880/index.html",
          "@id": "JVN#69986880",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5350",
          "@id": "CVE-2013-5350",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5350",
          "@id": "CVE-2013-5350",
          "@source": "NVD"
        },
        {
          "#text": "http://www.ipa.go.jp/security/ciadr/vul/20140124-jvn.html",
          "@id": "Security Alert for OpenPNE vulnerable to PHP Object Injection (JVN#69986880)",
          "@source": "IPA SECURITY ALERTS"
        },
        {
          "#text": "https://secunia.com/advisories/54043/",
          "@id": "Secunia Advisory SA54043 OpenPNE PHP Object Injection Vulnerability",
          "@source": "Related Information"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "OpenPNE vulnerable to PHP Object Injection"
    }

    JVNDB-2013-000038

    Vulnerability from jvndb - Published: 2013-05-13 13:39 - Updated:2013-06-19 09:56
    Severity
    N/A (UNKNOWN) - -
    Summary
    OpenPNE vulnerable to cross-site scripting
    Details
    The management screen in OpenPNE contains an issue in the processing of data input into the "mobile version color scheme configuration" item, which may result in a cross-site scripting vulnerability. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000038.html",
      "dc:date": "2013-06-19T09:56+09:00",
      "dcterms:issued": "2013-05-13T13:39+09:00",
      "dcterms:modified": "2013-06-19T09:56+09:00",
      "description": "The management screen in OpenPNE contains an issue in the processing of data input into the \"mobile version color scheme configuration\" item, which may result in a cross-site scripting vulnerability.\r\n\r\nASAI Ken reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000038.html",
      "sec:cpe": {
        "#text": "cpe:/a:tejimaya:openpne",
        "@product": "OpenPNE",
        "@vendor": "OpenPNE",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "2.6",
        "@severity": "Low",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2013-000038",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN18501376/",
          "@id": "JVN#18501376",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2309",
          "@id": "CVE-2013-2309",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2309",
          "@id": "CVE-2013-2309",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "OpenPNE vulnerable to cross-site scripting"
    }

    JVNDB-2010-000006

    Vulnerability from jvndb - Published: 2010-03-12 15:29 - Updated:2010-03-12 15:29
    Severity
    N/A (UNKNOWN) - -
    Summary
    OpenPNE authentication bypass vulnerability
    Details
    OpenPNE contains an authentication bypass vulnerability. OpenPNE is an open source SNS (Social Networking Service) software. OpenPNE provides an "IP address range limitation" function to provide access to certain pages only to mobile devices. OpenPNE has an issue with the IP address range limitation function that may lead to an authentication bypass vulnerability. As a result, the "simple login" function for mobile phones may allow a remote attacker to bypass authentication. Note that products are affected by this vulnerability only when mobile device support and IP address range limitation are both enabled. According to the developer, in all versions of OpenPNE 1.6 and later, the IP adress range limitation function is either not implemented or not enabled by default. The developer has released information regarding this issue. For more information, refer to the information provided by the developer. Hiromitsu Takagi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000006.html",
      "dc:date": "2010-03-12T15:29+09:00",
      "dcterms:issued": "2010-03-12T15:29+09:00",
      "dcterms:modified": "2010-03-12T15:29+09:00",
      "description": "OpenPNE contains an authentication bypass vulnerability.\r\n\r\nOpenPNE is an open source SNS (Social Networking Service) software. OpenPNE provides an \"IP address range limitation\" function to provide access to certain pages only to mobile devices. OpenPNE has an issue with the IP address range limitation function that may lead to an authentication bypass vulnerability. As a result, the \"simple login\" function for mobile phones may allow a remote attacker to bypass authentication. \r\n\r\nNote that products are affected by this vulnerability only when mobile device support and IP address range limitation are both enabled.\r\n\r\nAccording to the developer, in all versions of OpenPNE 1.6 and later, the IP adress range limitation function is either not implemented or not enabled by default. The developer has released information regarding this issue. For more information, refer to the information provided by the developer.\r\n\r\nHiromitsu Takagi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000006.html",
      "sec:cpe": {
        "#text": "cpe:/a:tejimaya:openpne",
        "@product": "OpenPNE",
        "@vendor": "OpenPNE",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "5.8",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2010-000006",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN06874657/index.html",
          "@id": "JVN#06874657",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1040",
          "@id": "CVE-2010-1040",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1040",
          "@id": "CVE-2010-1040",
          "@source": "NVD"
        },
        {
          "#text": "http://www.ipa.go.jp/security/english/vuln/201003_openpne_en.html",
          "@id": "Security Alert for OpenPNE Vulnerability",
          "@source": "IPA SECURITY ALERTS"
        },
        {
          "#text": "http://secunia.com/advisories/38857",
          "@id": "SA38857",
          "@source": "SECUNIA"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-264",
          "@title": "Permissions(CWE-264)"
        }
      ],
      "title": "OpenPNE authentication bypass vulnerability"
    }