Pleasanter
by Implem Inc.
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-58070 | Med | 0.40 | 6.1 | 0.00 | Oct 24, 2025 | Pleasanter contains a stored cross-site scripting vulnerability in Preview for Attachments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser. | ||
| CVE-2024-21584 | Med | 0.40 | 6.1 | 0.00 | Mar 12, 2024 | Pleasanter 1.3.49.0 and earlier contains a cross-site scripting vulnerability. If an attacker tricks the user to access the product with a specially crafted URL and perform a specific operation, an arbitrary script may be executed on the web browser of the user. | ||
| CVE-2023-46688 | Med | 0.40 | 6.1 | 0.01 | Dec 6, 2023 | Open redirect vulnerability in Pleasanter 1.3.47.0 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. | ||
| CVE-2025-61931 | Med | 0.35 | 5.4 | 0.00 | Oct 24, 2025 | Pleasanter contains a stored cross-site scripting vulnerability in Body, Description and Comments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser. | ||
| CVE-2023-34439 | Med | 0.35 | 5.4 | 0.00 | Dec 6, 2023 | Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser. | ||
| CVE-2023-30758 | Med | 0.35 | 5.4 | 0.01 | Jun 1, 2023 | Cross-site scripting vulnerability in Pleasanter 1.3.38.1 and earlier allows a remote authenticated attacker to inject an arbitrary script. | ||
| CVE-2023-45210 | Med | 0.28 | 4.3 | 0.01 | Dec 6, 2023 | Pleasanter 1.3.47.0 and earlier contains an improper access control vulnerability, which may allow a remote authenticated attacker to view the temporary files uploaded by other users who are not permitted to access. |
- risk 0.40cvss 6.1epss 0.00
Pleasanter contains a stored cross-site scripting vulnerability in Preview for Attachments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser.
- risk 0.40cvss 6.1epss 0.00
Pleasanter 1.3.49.0 and earlier contains a cross-site scripting vulnerability. If an attacker tricks the user to access the product with a specially crafted URL and perform a specific operation, an arbitrary script may be executed on the web browser of the user.
- risk 0.40cvss 6.1epss 0.01
Open redirect vulnerability in Pleasanter 1.3.47.0 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL.
- risk 0.35cvss 5.4epss 0.00
Pleasanter contains a stored cross-site scripting vulnerability in Body, Description and Comments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser.
- risk 0.35cvss 5.4epss 0.00
Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser.
- risk 0.35cvss 5.4epss 0.01
Cross-site scripting vulnerability in Pleasanter 1.3.38.1 and earlier allows a remote authenticated attacker to inject an arbitrary script.
- risk 0.28cvss 4.3epss 0.01
Pleasanter 1.3.47.0 and earlier contains an improper access control vulnerability, which may allow a remote authenticated attacker to view the temporary files uploaded by other users who are not permitted to access.