CVE-2015-0897
https://notcve.org/view.php?id=CVE-2015-0897
LINE for Android version 5.0.2 and earlier and LINE for iOS version 5.0.0 and earlier are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker.
• http://official-blog.line.me/ja/archives/24809761.html
• https://jvn.jp/en/jp/JVN41281927
• CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel
CVE-2023-39731
https://notcve.org/view.php?id=CVE-2023-39731
The leakage of the client secret in Kaibutsunosato v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.
• https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39731.md
• https://liff.line.me/1657662489-pwEQNzJ4
• CWE-284: Improper Access Control
CVE-2023-39040
https://notcve.org/view.php?id=CVE-2023-39040
An information leak in Cheese Cafe Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
• http://cheese.com
• https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39040.md
• CWE-668: Exposure of Resource to Wrong Sphere
CVE-2023-39039
https://notcve.org/view.php?id=CVE-2023-39039
An information leak in Camp Style Project Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
• http://camp.com
• https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39039.md
• CWE-668: Exposure of Resource to Wrong Sphere
CVE-2023-28993 – WordPress Albo Pretorio Online Plugin <= 4.6.1 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-28993
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On Line plugin <= 4.6.1 versions. The Albo Pretorio Online plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Ente' parameter in versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
• https://patchstack.com/database/vulnerability/albo-pretorio-on-line/wordpress-albo-pretorio-on-line-plugin-4-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')