cvelistv5 - cve-2022-23916

CVE-2022-23916 (GCVE-0-2022-23916)

Vulnerability from cvelistv5

Published

2022-02-24 09:50

Modified

2024-08-03 03:59

Severity ?

CWE

Cross-site scripting

Summary

Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-24374.

References

►

URL

Tags

	https://developer.a-blogcms.jp/blog/news/security-202202.html	x_refsource_MISC
	https://jvn.jp/en/jp/JVN14706307/index.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	appleple inc.	a-blog cms	Version: Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:59:22.651Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://developer.a-blogcms.jp/blog/news/security-202202.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN14706307/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "a-blog cms",
          "vendor": "appleple inc.",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-24374."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-24T09:50:30",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://developer.a-blogcms.jp/blog/news/security-202202.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN14706307/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2022-23916",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "a-blog cms",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "appleple inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-24374."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://developer.a-blogcms.jp/blog/news/security-202202.html",
              "refsource": "MISC",
              "url": "https://developer.a-blogcms.jp/blog/news/security-202202.html"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN14706307/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN14706307/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2022-23916",
    "datePublished": "2022-02-24T09:50:30",
    "dateReserved": "2022-02-16T00:00:00",
    "dateUpdated": "2024-08-03T03:59:22.651Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-23916

Vulnerability from jvndb

Published

2022-02-18 15:55

Modified

2022-02-18 15:55

Severity ?

5.6 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Summary

Multiple vulnerabilities in a-blog cms

Details

a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. * Cross-site scripting (CWE-79) - CVE-2022-24374 * Cross-site scripting (CWE-79) - CVE-2022-23916 * Template injection (CWE-1336) - CVE-2022-23810 * Authentication bypass (CWE-291) - CVE-2022-21142 CVE-2022-24374 iwama yuu of Secure Sky Technology Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2022-23916 Masashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2022-23810, CVE-2022-21142 hibiki moriyama of STNet, Incorporated reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

►

Type

URL

	JVN	https://jvn.jp/en/jp/JVN14706307/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-24374
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-23916
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-23810
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-21142
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-21142
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-23810
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-23916
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-24374
	Improper Authentication(CWE-287)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Code Injection(CWE-94)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

►

Vendor

Product

appleple inc.

a-blog cms

Show details on JVN DB website