Masako Ohno

**Name of the Vulnerable Software and Affected Versions** osCommerce Japanese versions 2.2ms1j-R8 and earlier **Description** The issue allows remote authenticated administrators to read arbitrary files. **Recommendations** For osCommerce Japanese versions 2.2ms1j-R8 and earlier, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Cacti versions prior to 0.8.8d **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. **Recommendations** For versions prior to 0.8.8d, update to version 0.8.8d or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MosP kintai kanri versions prior to 4.1.0 **Description** The issue allows remote authenticated users to read other users' information due to a lack of privilege enforcement. **Recommendations** For versions prior to 4.1.0, update to version 4.1.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MosP kintai kanri versions prior to 4.1.0 **Description** The issue allows remote authenticated users to impersonate arbitrary user accounts, and consequently obtain sensitive information or modify settings, due to improper authentication. **Recommendations** For versions prior to 4.1.0, update to version 4.1.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** HP no Mawashimono Nikki versions 6.6 and earlier **Description** A directory traversal issue allows remote attackers to read and modify arbitrary files. **Recommendations** For versions 6.6 and earlier, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** HP no Mawashimono Nikki versions 6.6 and earlier **Description** The issue allows remote attackers to execute arbitrary commands, related to a command injection vulnerability. **Recommendations** For HP no Mawashimono Nikki versions 6.6 and earlier, update to a version later than 6.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Cybozu Office versions prior to 8.0.0 **Description** The issue allows remote authenticated users to bypass intended access restrictions, accessing sensitive information such as time card and attendance data. This is achieved through manipulation of a URL. **Recommendations** For versions prior to 8.0.0, update to version 8.0.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** BaserCMS versions prior to 1.6.12 **Description** The issue allows remote authenticated users to gain privileges due to improper restrictions on additions to the membership of the operators group. **Recommendations** For versions prior to 1.6.12, update to version 1.6.12 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** BaserCMS versions prior to 1.6.13.2 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. **Recommendations** For versions prior to 1.6.13.2, update to version 1.6.13.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Aimluck Aipo versions prior to 4.0.4.0 Aipo for ASP versions prior to 4.0.4.0 **Description** The issue is related to a cross-site request forgery (CSRF) vulnerability, which allows remote attackers to hijack the authentication of administrators for requests that modify data. This can lead to unauthorized changes to data. **Recommendations** For Aimluck Aipo versions prior to 4.0.4.0, update to version 4.0.4.0 or later. For Aipo for ASP versions prior to 4.0.4.0, update to version 4.0.4.0 or later.

**Name of the Vulnerable Software and Affected Versions** Blogn (BURO GUN) versions 1.9.7 and earlier **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of arbitrary users for requests that make content modifications. **Recommendations** For Blogn (BURO GUN) versions 1.9.7 and earlier, consider implementing anti-CSRF measures, such as token-based validation, to prevent unauthorized requests. As a temporary workaround, restrict access to sensitive content modification functionality until a fix is available.

**Name of the Vulnerable Software and Affected Versions** Blogn (BURO GUN) versions 1.9.7 and earlier **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For versions 1.9.7 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.