Pleasanter
by Pleasanter
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-32608 | Med | 0.42 | 6.5 | 0.01 | Jun 30, 2023 | Directory traversal vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to alter an arbitrary file on the server. | ||
| CVE-2023-46688 | Med | 0.40 | 6.1 | 0.01 | Dec 6, 2023 | Open redirect vulnerability in Pleasanter 1.3.47.0 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. | ||
| CVE-2023-34439 | Med | 0.35 | 5.4 | 0.00 | Dec 6, 2023 | Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser. | ||
| CVE-2023-32607 | Med | 0.35 | 5.4 | 0.01 | Jun 30, 2023 | Stored cross-site scripting vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script. | ||
| CVE-2023-30758 | Med | 0.35 | 5.4 | 0.01 | Jun 1, 2023 | Cross-site scripting vulnerability in Pleasanter 1.3.38.1 and earlier allows a remote authenticated attacker to inject an arbitrary script. | ||
| CVE-2023-45210 | Med | 0.28 | 4.3 | 0.01 | Dec 6, 2023 | Pleasanter 1.3.47.0 and earlier contains an improper access control vulnerability, which may allow a remote authenticated attacker to view the temporary files uploaded by other users who are not permitted to access. |
- risk 0.42cvss 6.5epss 0.01
Directory traversal vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to alter an arbitrary file on the server.
- risk 0.40cvss 6.1epss 0.01
Open redirect vulnerability in Pleasanter 1.3.47.0 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL.
- risk 0.35cvss 5.4epss 0.00
Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser.
- risk 0.35cvss 5.4epss 0.01
Stored cross-site scripting vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script.
- risk 0.35cvss 5.4epss 0.01
Cross-site scripting vulnerability in Pleasanter 1.3.38.1 and earlier allows a remote authenticated attacker to inject an arbitrary script.
- risk 0.28cvss 4.3epss 0.01
Pleasanter 1.3.47.0 and earlier contains an improper access control vulnerability, which may allow a remote authenticated attacker to view the temporary files uploaded by other users who are not permitted to access.