CVE-2023-22425
https://notcve.org/view.php?id=CVE-2023-22425
Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script. • https://github.com/shirasagi/shirasagi https://jvn.jp/en/jp/JVN18765463 https://www.ss-proj.org https://www.ss-proj.org/support/938.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-43499
https://notcve.org/view.php?id=CVE-2022-43499
Stored cross-site scripting vulnerability in SHIRASAGI versions prior to v1.16.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. Vulnerabilidad de Cross-Site Scripting (XSS) Almacenado en versiones de SHIRASAGI anteriores a la v1.16.2 permite a un atacante remoto autenticado con privilegios administrativos inyectar un script arbitrario. • https://github.com/shirasagi/shirasagi https://jvn.jp/en/jp/JVN86350682/index.html https://www.ss-proj.org https://www.ss-proj.org/support/928.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-29485
https://notcve.org/view.php?id=CVE-2022-29485
Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors. Una vulnerabilidad de tipo cross-site scripting en SHIRASAGI versiones v1.0.0 a v1.14.2, y v1.15.0, permite a un atacante remoto inyectar un script arbitrario por medio de vectores no especificados • https://github.com/shirasagi/shirasagi https://jvn.jp/en/jp/JVN32962443/index.html https://www.ss-proj.org https://www.ss-proj.org/support/843.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-5607
https://notcve.org/view.php?id=CVE-2020-5607
Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Una vulnerabilidad de redireccionamiento abierto en SHIRASAGI versiones v1.13.1 y anteriores, permite a atacantes remotos redireccionar a los usuarios a sitios web arbitrarios y conducir ataques de phishing por medio de vectores no especificados • https://github.com/shirasagi/shirasagi https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a.patch https://jvn.jp/en/jp/JVN55657988/index.html https://www.ss-proj.org • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2019-6009
https://notcve.org/view.php?id=CVE-2019-6009
Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Una vulnerabilidad de redireccionamiento abierto en SHIRASAGI versión v1.7.0 y anteriores, permite a atacantes remotos redireccionar a los usuarios a sitios web arbitrarios y realizar ataques de phishing por medio de vectores no especificados. • http://jvn.jp/en/jp/JVN74699196/index.html https://github.com/shirasagi/shirasagi https://github.com/shirasagi/shirasagi/commit/6016948ea535e51b16535888af13df064a1a15d3 https://github.com/shirasagi/shirasagi/commit/6016948ea535e51b16535888af13df064a1a15d3.patch https://www.ss-proj.org • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •