Kentaro Ishii

**Name of the Vulnerable Software and Affected Versions** Movable Type versions 7.x and 8.4.x **Description** Movable Type has a stored cross-site scripting issue in the Export Sites functionality. An attacker could execute arbitrary script in a logged-in user’s web browser by storing crafted input. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Movable Type versions 7.x and 8.4.x **Description** Movable Type has a stored cross-site scripting issue in the Edit Comment functionality. An attacker could execute arbitrary script in a logged-in user’s web browser by storing crafted input. The `Edit Comment` functionality is susceptible to this issue. **Recommendations** Versions prior to 7.x and 8.4.x are recommended.

**Name of the Vulnerable Software and Affected Versions** Web Caster V130 versions 1.08 and earlier **Description** A cross-site request forgery issue exists that allows an attacker to potentially modify product settings if a logged-in user views a malicious page. **Recommendations** Update Web Caster V130 to a version later than 1.08.

**Name of the Vulnerable Software and Affected Versions** MZK-DP300N versions 1.05 and earlier **Description** A cross-site scripting issue exists, allowing an arbitrary script to be executed on the logged-in user's web browser when accessing a crafted URL, if an attacker logs in to the affected product and manipulates the device settings. **Recommendations** For MZK-DP300N versions 1.05 and earlier, update to a version later than 1.05 to resolve the issue. As a temporary workaround, consider restricting access to the device settings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Exment versions 6.1.4 and earlier Exment versions 5.0.11 and earlier **Description** A stored cross-site scripting issue exists. When accessing the edit screen containing custom columns, such as images or files, an arbitrary script may be executed on the user's web browser. **Recommendations** For Exment versions 6.1.4 and earlier, update to a version later than 6.1.4 to resolve the issue. For Exment versions 5.0.11 and earlier, update to a version later than 5.0.11 to resolve the issue. As a temporary workaround, consider restricting access to custom columns of type images or files in the edit screen until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PLANEX MZK-DP300N firmware versions 1.04 and earlier **Description** The issue is related to a cross-site request forgery vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead the user to perform unintended operations, such as changing the login password. **Recommendations** For firmware versions 1.04 and earlier, update to a patched version as soon as possible and enforce strict CSRF token validation. As a temporary workaround, consider restricting access to the web management page until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WRC-X3000GS2-B WRC-X3000GS2-W WRC-X3000GS2A-B **Description** A cross-site scripting vulnerability exists due to improper processing of input values in easysetup.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser. **Recommendations** For WRC-X3000GS2-B, consider disabling access to the easysetup.cgi until a patch is available. For WRC-X3000GS2-W, restrict the use of easysetup.cgi to minimize the risk of exploitation. For WRC-X3000GS2A-B, avoid using the easysetup.cgi endpoint until the issue is resolved. As a temporary workaround, consider implementing input validation for the easysetup.cgi endpoint to prevent malicious input values.

**Name of the Vulnerable Software and Affected Versions** ELECOM WRC-X6000XS-G/WRC-X1500GS-B/WRC-X1500GSA-B versions up to 1.11 **Description** A cross-site request forgery issue exists in ELECOM wireless LAN routers. When a user with administrative privileges views a malicious page while logged in to the affected product, they may be directed to perform unintended operations, such as changing the login ID or login password. **Recommendations** For ELECOM WRC-X6000XS-G/WRC-X1500GS-B/WRC-X1500GSA-B versions up to 1.11, patch immediately to mitigate the risk of unauthorized actions on behalf of users.

**Name of the Vulnerable Software and Affected Versions** ELECOM wireless LAN routers (affected versions not specified) **Description** A specially crafted request may be sent to the affected product by a logged-in user with administrative privilege to execute an arbitrary OS command. This issue exists in ELECOM wireless LAN routers. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** a-blog cms versions 3.1.x through 3.1.9 and earlier a-blog cms versions 3.0.x through 3.0.30 and earlier a-blog cms versions 2.11.x through 2.11.59 and earlier a-blog cms versions 2.10.x through 2.10.51 and earlier a-blog cms version 2.9 and earlier **Description** A directory traversal vulnerability exists in a-blog cms, allowing a user with editor or higher privilege who can login to the product to obtain arbitrary files on the server, including password files, if the vulnerability is exploited. **Recommendations** For a-blog cms versions 3.1.x through 3.1.9 and earlier, update to a version later than 3.1.9. For a-blog cms versions 3.0.x through 3.0.30 and earlier, update to a version later than 3.0.30. For a-blog cms versions 2.11.x through 2.11.59 and earlier, update to a version later than 2.11.59. For a-blog cms versions 2.10.x through 2.10.51 and earlier, update to a version later than 2.10.51. For a-blog cms version 2.9 and earlier, update to a version later than 2.9.

**Name of the Vulnerable Software and Affected Versions** OpenPNE Plugin "opTimelinePlugin" versions 1.2.11 and earlier **Description** The issue allows an arbitrary script to be executed on the web browsers of other users when a user configures their profile with malicious contents on a site using the affected product. This is a cross-site scripting vulnerability. **Recommendations** For versions 1.2.11 and earlier, update to a version later than 1.2.11 to resolve the issue. As a temporary workaround, consider restricting user profile configuration to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** a-blog cms versions prior to 3.1.7 a-blog cms versions prior to 3.0.29 a-blog cms versions prior to 2.11.58 a-blog cms versions prior to 2.10.50 a-blog cms version 2.9.0 and earlier **Description** The issue allows a remote unauthenticated attacker to execute an arbitrary script on the logged-in user's web browser. This is a cross-site scripting vulnerability. **Recommendations** For versions prior to 3.1.7, update to version 3.1.7 or later. For versions prior to 3.0.29, update to version 3.0.29 or later. For versions prior to 2.11.58, update to version 2.11.58 or later. For versions prior to 2.10.50, update to version 2.10.50 or later. For version 2.9.0 and earlier, update to a later version.

**Name of the Vulnerable Software and Affected Versions** F-RevoCRM versions 7.3.0 through 7.3.7 **Description** The issue is a cross-site scripting vulnerability. If exploited, it allows an arbitrary script to be executed on the web browser of the user using the product. **Recommendations** For versions 7.3.0 through 7.3.7, update to version 7.3.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** F-RevoCRM versions 7.3.7 through 7.3.8 **Description** The issue is an OS command injection vulnerability. If exploited, an attacker with access to the product may execute an arbitrary OS command on the server where the product is running. **Recommendations** For versions 7.3.7 and 7.3.8, update to a version that contains a fix for this issue to prevent OS command injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ELECOM WRH-300WH-H versions 2.12 and earlier ELECOM WTC-300HWH versions 1.09 and earlier ELECOM WTC-C1167GC-B versions 1.17 and earlier ELECOM WTC-C1167GC-W versions 1.17 and earlier **Description** The issue allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. This can be exploited by a remote attacker to trick users into revealing sensitive information. **Recommendations** For ELECOM WRH-300WH-H versions 2.12 and earlier, update to a version later than 2.12 to resolve the issue. For ELECOM WTC-300HWH versions 1.09 and earlier, update to a version later than 1.09 to resolve the issue. For ELECOM WTC-C1167GC-B versions 1.17 and earlier, update to a version later than 1.17 to resolve the issue. For ELECOM WTC-C1167GC-W versions 1.17 and earlier, update to a version later than 1.17 to resolve the issue. As a temporary workaround, consider restricting access to the router's web interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WTC-C1167GC-B versions 1.17 and earlier WTC-C1167GC-W versions 1.17 and earlier **Description** A cross-site request forgery (CSRF) issue exists, allowing unintended operations to be performed if a user views a malicious page while logged in. **Recommendations** For WTC-C1167GC-B versions 1.17 and earlier, consider implementing CSRF tokens or other anti-CSRF measures to prevent exploitation. For WTC-C1167GC-W versions 1.17 and earlier, consider implementing CSRF tokens or other anti-CSRF measures to prevent exploitation. As a temporary workaround, consider restricting user access to sensitive operations while logged in to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Pleasanter versions 1.3.39.2 and earlier **Description** A directory traversal issue allows a remote authenticated attacker to alter an arbitrary file on the server. **Recommendations** For versions 1.3.39.2 and earlier, update to a version later than 1.3.39.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Pleasanter versions 1.3.39.2 and earlier **Description** The issue allows a remote authenticated attacker to inject an arbitrary script due to a stored cross-site scripting vulnerability. **Recommendations** For versions 1.3.39.2 and earlier, update to a version later than 1.3.39.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Pleasanter versions 1.3.38.1 and earlier **Description** A cross-site scripting issue allows a remote authenticated attacker to inject an arbitrary script. **Recommendations** For versions 1.3.38.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** mage-ai versions 0.8.34 through 0.8.71 **Description** The issue affects mage-ai, an open-source data pipeline tool, when used with user authentication enabled. It allows the terminal to be accessed by users who are not signed in or do not have editor permissions. **Recommendations** For versions 0.8.34 through 0.8.71, update to version 0.8.72 to resolve the issue. As a temporary workaround, consider disabling user authentication until the update can be applied. Restrict access to the terminal to minimize the risk of exploitation.