Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
jvnJapan Vulnerability NotesJVN:10377257
HistoryDec 20, 2019 - 12:00 a.m.

JVN#10377257: Multiple vulnerabilities in a-blog cms

2019-12-2000:00:00
Japan Vulnerability Notes
jvn.jp
101

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

47.1%

JSON

a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below.

Reflected cross-site scripting (CWE-79) - CVE-2019-6033

Version Vector Score
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score: 6.1
CVSS v2 AV:N/AC:M/Au:N/C:N/I:P/A:N Base Score: 4.3

Script injection due to a flaw in processing cookie (CWE-74) - CVE-2019-6034

Version Vector Score
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score: 6.1
CVSS v2 AV:N/AC:M/Au:N/C:N/I:P/A:N Base Score: 4.3

Impact

An arbitrary script may be executed on the user’s web browser.

Solution

Update the Software
Update to the appropriate latest version according to the information provided by the developer.

Apply a workaround
The following workaround may mitigate the impact of this vulnerability.

  • Delete following subordinate directory
    /ablogcms/php/vendor/pear/http_request2/tests/

Products Affected

  • a-blog cms prior to Ver.2.10.23 (Ver.2.10.x)
  • a-blog cms prior to Ver.2.9.26 (Ver.2.9.x)
  • a-blog cms prior to Ver.2.8.64 (Ver.2.8.x)

Related

prion 2
cve 2
cvelist 2
nvd 2
prion
prion
Cross site scripting
2019-12-26 16:15:00
Input validation
2019-12-26 16:15:00
cve
cve
CVE-2019-6034
2019-12-26 16:15:12
CVE-2019-6033
2019-12-26 16:15:12
cvelist
cvelist
CVE-2019-6034
2019-12-26 15:16:50
CVE-2019-6033
2019-12-26 15:16:50
nvd
nvd
CVE-2019-6034
2019-12-26 16:15:12
CVE-2019-6033
2019-12-26 16:15:12

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

47.1%

JSON
Related for JVN:10377257
prion2cve2cvelist2nvd2