UNIVERSAL PASSPORT RX provided by Japan System Techniques Co., Ltd. contains multiple vulnerabilities listed below.
Cross-site scripting (CWE-79) CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4 CVE-2023-42427Dependency on vulnerable third-party component (CWE-1395)
Known vulnerability in Primefaces library used in the product
Cross-site scripting (CWE-79) CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Base Score 4.8 CVE-2023-51436
CVE-2023-42427 and Dependency on vulnerable third-party component
According to the developer, they have notified “CVE-2023-42427” and “Dependency on vulnerable third-party component” to the users and the updating of the affected products have been completed.
CVE-2023-51436 Update the Software or Apply the Patch
The developer addressed the all vulnerabilities in the following version:
CVE-2023-42427, Dependency on vulnerable third-party component
UNIVERSAL PASSPORT RX versions 1.0.0 to 1.0.7
CVE-2023-51436
UNIVERSAL PASSPORT RX versions 1.0.0 to 1.0.8