Refine your search
8 vulnerabilities found for OneThird CMS by SpiQe Software
jvndb-2020-009141
Vulnerability from jvndb
Published
2020-10-21 15:21
Modified
2020-10-21 15:21
Severity ?
Summary
Local File Inclusion vulnerability in OneThird CMS
Details
OneThird CMS provided SpiQe Software is a content management system (CMS). OneThird CMS contains a Local File Inclusion vulnerability (CWE-98).
References
| Type | URL | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-009141.html",
"dc:date": "2020-10-21T15:21+09:00",
"dcterms:issued": "2020-10-21T15:21+09:00",
"dcterms:modified": "2020-10-21T15:21+09:00",
"description": "OneThird CMS provided SpiQe Software is a content management system (CMS). OneThird CMS contains a Local File Inclusion vulnerability (CWE-98).",
"link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-009141.html",
"sec:cpe": {
"#text": "cpe:/a:spiqe:onethird",
"@product": "OneThird CMS",
"@vendor": "SpiQe Software",
"@version": "2.2"
},
"sec:cvss": {
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2020-009141",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU99467898/",
"@id": "JVNVU#99467898",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5640",
"@id": "CVE-2020-5640",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5640",
"@id": "CVE-2020-5640",
"@source": "NVD"
},
{
"#text": "https://cwe.mitre.org/data/definitions/98.html",
"@id": "CWE-98",
"@title": "PHP Remote File Inclusion(CWE-98)"
}
],
"title": "Local File Inclusion vulnerability in OneThird CMS"
}
jvndb-2017-000248
Vulnerability from jvndb
Published
2017-12-19 13:48
Modified
2018-04-04 13:58
Severity ?
Summary
OneThird CMS vulnerable to directory traversal
Details
OneThird CMS provided by SpiQe Software is a Contents Management System (CMS). OneThird CMS contains a directory traversal vulnerability (CWE-22).
Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000248.html",
"dc:date": "2018-04-04T13:58+09:00",
"dcterms:issued": "2017-12-19T13:48+09:00",
"dcterms:modified": "2018-04-04T13:58+09:00",
"description": "OneThird CMS provided by SpiQe Software is a Contents Management System (CMS). OneThird CMS contains a directory traversal vulnerability (CWE-22).\r\n\r\nYuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000248.html",
"sec:cpe": {
"#text": "cpe:/a:spiqe:onethird",
"@product": "OneThird CMS",
"@vendor": "SpiQe Software",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000248",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN93333702/index.html",
"@id": "JVN#93333702",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10907",
"@id": "CVE-2017-10907",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10907",
"@id": "CVE-2017-10907",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "OneThird CMS vulnerable to directory traversal"
}
jvndb-2017-000042
Vulnerability from jvndb
Published
2017-03-08 09:57
Modified
2017-06-01 12:28
Severity ?
Summary
OneThird CMS vulnerable to cross-site scripting
Details
OneThird CMS provided by SpiQe Software contains a cross-site scripting vulnerability (CWE-79) due to an issue in processing the language selection screen.
Note that this vulnerability is different from JVN#13003724.
Satoshi Ogawa of Mitsui Bussan Secure Directions,Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000042.html",
"dc:date": "2017-06-01T12:28+09:00",
"dcterms:issued": "2017-03-08T09:57+09:00",
"dcterms:modified": "2017-06-01T12:28+09:00",
"description": "OneThird CMS provided by SpiQe Software contains a cross-site scripting vulnerability (CWE-79) due to an issue in processing the language selection screen.\r\nNote that this vulnerability is different from JVN#13003724.\r\n\r\nSatoshi Ogawa of Mitsui Bussan Secure Directions,Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000042.html",
"sec:cpe": {
"#text": "cpe:/a:spiqe:onethird",
"@product": "OneThird CMS",
"@vendor": "SpiQe Software",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000042",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN49408248/index.html",
"@id": "JVN#49408248",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2123",
"@id": "CVE-2017-2123",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2123",
"@id": "CVE-2017-2123",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "OneThird CMS vulnerable to cross-site scripting"
}
jvndb-2017-000043
Vulnerability from jvndb
Published
2017-03-08 09:57
Modified
2017-06-01 15:08
Severity ?
Summary
OneThird CMS vulnerable to cross-site scripting
Details
OneThird CMS provided by SpiQe Software contains a cross-site scripting vulnerability (CWE-79) due to an issue in processing the inquiry form.
Note that this vulnerability is different from JVN#49408248.
Satoshi Takagi of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000043.html",
"dc:date": "2017-06-01T15:08+09:00",
"dcterms:issued": "2017-03-08T09:57+09:00",
"dcterms:modified": "2017-06-01T15:08+09:00",
"description": "OneThird CMS provided by SpiQe Software contains a cross-site scripting vulnerability (CWE-79) due to an issue in processing the inquiry form.\r\nNote that this vulnerability is different from JVN#49408248.\r\n\r\nSatoshi Takagi of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000043.html",
"sec:cpe": {
"#text": "cpe:/a:spiqe:onethird",
"@product": "OneThird CMS",
"@vendor": "SpiQe Software",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000043",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN13003724/index.html",
"@id": "JVN#13003724",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2124",
"@id": "CVE-2017-2124",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2124",
"@id": "CVE-2017-2124",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "OneThird CMS vulnerable to cross-site scripting"
}
CVE-2020-5640 (GCVE-0-2020-5640)
Vulnerability from cvelistv5
Published
2020-10-20 07:55
Modified
2024-08-04 08:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Local file inclusion vulnerability
Summary
Local file inclusion vulnerability in OneThird CMS v1.96c and earlier allows a remote unauthenticated attacker to execute arbitrary code or obtain sensitive information via unspecified vectors.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SpiQe Software | OneThird CMS |
Version: v1.96c and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.727Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://onethird.net/en/p1340.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU99467898/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OneThird CMS",
"vendor": "SpiQe Software",
"versions": [
{
"status": "affected",
"version": "v1.96c and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local file inclusion vulnerability in OneThird CMS v1.96c and earlier allows a remote unauthenticated attacker to execute arbitrary code or obtain sensitive information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local file inclusion vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-20T07:55:19.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://onethird.net/en/p1340.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU99467898/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5640",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OneThird CMS",
"version": {
"version_data": [
{
"version_value": "v1.96c and earlier"
}
]
}
}
]
},
"vendor_name": "SpiQe Software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local file inclusion vulnerability in OneThird CMS v1.96c and earlier allows a remote unauthenticated attacker to execute arbitrary code or obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local file inclusion vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://onethird.net/en/p1340.html",
"refsource": "MISC",
"url": "https://onethird.net/en/p1340.html"
},
{
"name": "https://jvn.jp/en/vu/JVNVU99467898/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU99467898/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5640",
"datePublished": "2020-10-20T07:55:20.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:25.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10907 (GCVE-0-2017-10907)
Vulnerability from cvelistv5
Published
2017-12-22 14:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Directory traversal
Summary
Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SpiQe Software | OneThird CMS |
Version: Show Off v1.85 and earlier Version: Show Off v1.85 en and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#93333702",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN93333702/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://onethird.net/en/p1307.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OneThird CMS",
"vendor": "SpiQe Software",
"versions": [
{
"status": "affected",
"version": "Show Off v1.85 and earlier"
},
{
"status": "affected",
"version": "Show Off v1.85 en and earlier"
}
]
}
],
"datePublic": "2017-11-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-22T13:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#93333702",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN93333702/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://onethird.net/en/p1307.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10907",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OneThird CMS",
"version": {
"version_data": [
{
"version_value": "Show Off v1.85 and earlier"
},
{
"version_value": "Show Off v1.85 en and earlier"
}
]
}
}
]
},
"vendor_name": "SpiQe Software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#93333702",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN93333702/index.html"
},
{
"name": "https://onethird.net/en/p1307.html",
"refsource": "CONFIRM",
"url": "https://onethird.net/en/p1307.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10907",
"datePublished": "2017-12-22T14:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2124 (GCVE-0-2017-2124)
Vulnerability from cvelistv5
Published
2017-04-28 16:00
Modified
2024-08-05 13:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via contact.php.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SpiQe Software | OneThird CMS |
Version: v1.73 Heaven's Door and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.332Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://onethird.net/en/p1277.html"
},
{
"name": "98604",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98604"
},
{
"name": "JVN#13003724",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN13003724/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OneThird CMS",
"vendor": "SpiQe Software",
"versions": [
{
"status": "affected",
"version": "v1.73 Heaven\u0027s Door and earlier"
}
]
}
],
"datePublic": "2017-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven\u0027s Door and earlier allows remote attackers to inject arbitrary web script or HTML via contact.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-24T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://onethird.net/en/p1277.html"
},
{
"name": "98604",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98604"
},
{
"name": "JVN#13003724",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN13003724/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OneThird CMS",
"version": {
"version_data": [
{
"version_value": "v1.73 Heaven\u0027s Door and earlier"
}
]
}
}
]
},
"vendor_name": "SpiQe Software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven\u0027s Door and earlier allows remote attackers to inject arbitrary web script or HTML via contact.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://onethird.net/en/p1277.html",
"refsource": "MISC",
"url": "https://onethird.net/en/p1277.html"
},
{
"name": "98604",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98604"
},
{
"name": "JVN#13003724",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN13003724/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2124",
"datePublished": "2017-04-28T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:39:32.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2123 (GCVE-0-2017-2123)
Vulnerability from cvelistv5
Published
2017-04-28 16:00
Modified
2024-08-05 13:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via language.php.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SpiQe Software | OneThird CMS |
Version: v1.73 Heaven's Door and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96613",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96613"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://onethird.net/en/p1277.html"
},
{
"name": "JVN#49408248",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN49408248/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OneThird CMS",
"vendor": "SpiQe Software",
"versions": [
{
"status": "affected",
"version": "v1.73 Heaven\u0027s Door and earlier"
}
]
}
],
"datePublic": "2017-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven\u0027s Door and earlier allows remote attackers to inject arbitrary web script or HTML via language.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "96613",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96613"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://onethird.net/en/p1277.html"
},
{
"name": "JVN#49408248",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN49408248/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2123",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OneThird CMS",
"version": {
"version_data": [
{
"version_value": "v1.73 Heaven\u0027s Door and earlier"
}
]
}
}
]
},
"vendor_name": "SpiQe Software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven\u0027s Door and earlier allows remote attackers to inject arbitrary web script or HTML via language.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96613",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96613"
},
{
"name": "https://onethird.net/en/p1277.html",
"refsource": "MISC",
"url": "https://onethird.net/en/p1277.html"
},
{
"name": "JVN#49408248",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN49408248/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2123",
"datePublished": "2017-04-28T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:39:32.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}