Refine your search
4 vulnerabilities found for MATCHA SNS by ICZ Corporation
jvndb-2026-000052
Vulnerability from jvndb
Published
2026-04-08 16:15
Modified
2026-04-08 16:15
Severity ?
Summary
Multiple vulnerabilities in MATCHA series
Details
MATCHA series provided by ICZ Corporation contains multiple vulnerabilities listed below.<a href='https://cwe.mitre.org/data/definitions/89.html' target='_blank'></a><a href='https://cwe.mitre.org/data/definitions/79.html' target='_blank'></a><a href='https://cwe.mitre.org/data/definitions/434.html' target='_blank'></a><ul><li>SQL injection (CWE-89) - CVE-2026-24913</li><li>Cross-site scripting (CWE-79) - CVE-2026-27787</li><li>Unrestricted upload of file with dangerous type(CWE-434) - CVE-2026-33273</li></ul>CVE-2026-24913, CVE-2026-27787
Kenta Chikagawa of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2026-33273
Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000052.html",
"dc:date": "2026-04-08T16:15+09:00",
"dcterms:issued": "2026-04-08T16:15+09:00",
"dcterms:modified": "2026-04-08T16:15+09:00",
"description": "MATCHA series provided by ICZ Corporation contains multiple vulnerabilities listed below.\u003ca href=\u0027https://cwe.mitre.org/data/definitions/89.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/79.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/434.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003eSQL injection (CWE-89) - CVE-2026-24913\u003c/li\u003e\u003cli\u003eCross-site scripting (CWE-79) - CVE-2026-27787\u003c/li\u003e\u003cli\u003eUnrestricted upload of file with dangerous type(CWE-434) - CVE-2026-33273\u003c/li\u003e\u003c/ul\u003eCVE-2026-24913, CVE-2026-27787\r\nKenta Chikagawa of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2026-33273\r\nShoji Baba reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000052.html",
"sec:cpe": [
{
"#text": "cpe:/a:icz:matchasns",
"@product": "MATCHA SNS",
"@vendor": "ICZ Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:icz:matcha_bill",
"@product": "MATCHA INVOICE",
"@vendor": "ICZ Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2026-000052",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN33581068/index.html",
"@id": "JVN#33581068",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-24913",
"@id": "CVE-2026-24913",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-27787",
"@id": "CVE-2026-27787",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-33273",
"@id": "CVE-2026-33273",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in MATCHA series"
}
jvndb-2015-000146
Vulnerability from jvndb
Published
2015-09-30 15:05
Modified
2015-10-08 15:25
Summary
MATCHA SNS access restriction bypass vulnerability
Details
MATCHA SNS provided by ICZ Corporation is an SNS software.
MATCHA SNS contains an access restriction bypass vulnerability.
Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000146.html",
"dc:date": "2015-10-08T15:25+09:00",
"dcterms:issued": "2015-09-30T15:05+09:00",
"dcterms:modified": "2015-10-08T15:25+09:00",
"description": "MATCHA SNS provided by ICZ Corporation is an SNS software. \r\nMATCHA SNS contains an access restriction bypass vulnerability.\r\n\r\nShoji Baba reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000146.html",
"sec:cpe": {
"#text": "cpe:/a:icz:matchasns",
"@product": "MATCHA SNS",
"@vendor": "ICZ Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000146",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN85118545/index.html",
"@id": "JVN#85118545",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5645",
"@id": "CVE-2015-5645",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5645",
"@id": "CVE-2015-5645",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "MATCHA SNS access restriction bypass vulnerability"
}
jvndb-2015-000145
Vulnerability from jvndb
Published
2015-09-30 15:05
Modified
2015-10-08 15:25
Summary
MATCHA SNS vulnerable to code injection
Details
MATCHA SNS provided by ICZ Corporation is an SNS software. MATCHA SNS contains a code injection (CWE-94) vulnerability due to a flaw when configuring the database during installation.
Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000145.html",
"dc:date": "2015-10-08T15:25+09:00",
"dcterms:issued": "2015-09-30T15:05+09:00",
"dcterms:modified": "2015-10-08T15:25+09:00",
"description": "MATCHA SNS provided by ICZ Corporation is an SNS software. MATCHA SNS contains a code injection (CWE-94) vulnerability due to a flaw when configuring the database during installation.\r\n\r\nShoji Baba reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000145.html",
"sec:cpe": {
"#text": "cpe:/a:icz:matchasns",
"@product": "MATCHA SNS",
"@vendor": "ICZ Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000145",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN08535069/index.html",
"@id": "JVN#08535069",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5644",
"@id": "CVE-2015-5644",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5644",
"@id": "CVE-2015-5644",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-94",
"@title": "Code Injection(CWE-94)"
}
],
"title": "MATCHA SNS vulnerable to code injection"
}
CVE-2026-27787 (GCVE-0-2026-27787)
Vulnerability from cvelistv5
Published
2026-04-08 05:11
Modified
2026-04-08 13:55
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.1 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
5.1 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site scripting (XSS)
Summary
Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ICZ Corporation | MATCHA SNS |
Version: 1.3.9 and earlier |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27787",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-08T13:55:00.130119Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T13:55:07.158Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MATCHA SNS",
"vendor": "ICZ Corporation",
"versions": [
{
"status": "affected",
"version": "1.3.9 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T05:11:11.154Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://oss.icz.co.jp/news/?p=1388"
},
{
"url": "https://jvn.jp/en/jp/JVN33581068/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-27787",
"datePublished": "2026-04-08T05:11:11.154Z",
"dateReserved": "2026-04-03T04:29:15.069Z",
"dateUpdated": "2026-04-08T13:55:07.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}