CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 0CVE-2015-0889
https://notcve.org/view.php?id=CVE-2015-0889
KENT-WEB Joyful Note before 5.3 allows remote attackers to delete files or write to files, and consequently execute arbitrary code, via vectors involving an article. KENT-WEB Joyful Note anterior a 5.3 permite a atacantes remotos eliminar ficheros o escribir a ficheros, y como consecuencia ejecutar código arbitrario, a través de vectores que involucran un artículo. • http://jvn.jp/en/jp/JVN88862608/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2015-000024 http://www.kent-web.com/bbs/joyful.html •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-0812
https://notcve.org/view.php?id=CVE-2014-0812
Cross-site scripting (XSS) vulnerability in KENT-WEB Joyful Note 2.8 and earlier, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en KENT-WEB Joyful Note 2.8 y anteriores, cuando se usa Internet Explorer 7 o anterior, permite a atacantes remotos inyectar script Web o HTML a través de vectores no especificados. • http://jvn.jp/en/jp/JVN30718178/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000013 http://osvdb.org/102740 http://www.kent-web.com/bbs/joyful.html http://www.securityfocus.com/bid/65301 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •