CVE-2023-22425
https://notcve.org/view.php?id=CVE-2023-22425
Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script. • https://github.com/shirasagi/shirasagi https://jvn.jp/en/jp/JVN18765463 https://www.ss-proj.org https://www.ss-proj.org/support/938.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-43499
https://notcve.org/view.php?id=CVE-2022-43499
Stored cross-site scripting vulnerability in SHIRASAGI versions prior to v1.16.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. Vulnerabilidad de Cross-Site Scripting (XSS) Almacenado en versiones de SHIRASAGI anteriores a la v1.16.2 permite a un atacante remoto autenticado con privilegios administrativos inyectar un script arbitrario. • https://github.com/shirasagi/shirasagi https://jvn.jp/en/jp/JVN86350682/index.html https://www.ss-proj.org https://www.ss-proj.org/support/928.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-43479
https://notcve.org/view.php?id=CVE-2022-43479
Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a remote unauthenticated attacker to redirect users to an arbitrary web site and conduct a phishing attack. Vulnerabilidad de redireccionamiento abierto en SHIRASAGI v1.14.4 a v1.15.0 permite que un atacante remoto no autenticado redirija a los usuarios a un sitio web arbitrario y realice un ataque de phishing. • https://github.com/shirasagi/shirasagi https://jvn.jp/en/jp/JVN86350682/index.html https://www.ss-proj.org https://www.ss-proj.org/support/928.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2022-29485
https://notcve.org/view.php?id=CVE-2022-29485
Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors. Una vulnerabilidad de tipo cross-site scripting en SHIRASAGI versiones v1.0.0 a v1.14.2, y v1.15.0, permite a un atacante remoto inyectar un script arbitrario por medio de vectores no especificados • https://github.com/shirasagi/shirasagi https://jvn.jp/en/jp/JVN32962443/index.html https://www.ss-proj.org https://www.ss-proj.org/support/843.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-5607
https://notcve.org/view.php?id=CVE-2020-5607
Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Una vulnerabilidad de redireccionamiento abierto en SHIRASAGI versiones v1.13.1 y anteriores, permite a atacantes remotos redireccionar a los usuarios a sitios web arbitrarios y conducir ataques de phishing por medio de vectores no especificados • https://github.com/shirasagi/shirasagi https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a https://github.com/shirasagi/shirasagi/commit/040a02c9d4b5dd2f91c5c29c0008a47cde6ee99a.patch https://jvn.jp/en/jp/JVN55657988/index.html https://www.ss-proj.org • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •