Shogo Iyota

**Name of the Vulnerable Software and Affected Versions** TOA Corporation TRIFORA 3 series Network Cameras (affected versions not specified) **Description** A cross-site scripting issue exists in TOA Corporation’s TRIFORA 3 series Network Cameras. An attacker who is an administrator can execute arbitrary scripts on the web browser of a victim administrator by configuring the product with malicious input through the setting screen. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOA Corporation TRIFORA 3 series Network Cameras (affected versions not specified) **Description** An OS Command Injection issue exists in TOA Corporation’s TRIFORA 3 series Network Cameras. A logged-in user with monitoring user or higher privileges may be able to execute arbitrary OS commands. The issue allows for the execution of commands on the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: WTW-EAGLE App (affected versions not specified) Description: The WTW-EAGLE App does not properly validate server certificates, potentially allowing a man-in-the-middle attacker to monitor encrypted traffic. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wivia 5 (affected versions not specified) **Description** A cross-site scripting issue exists. If exploited, when a user connects to the affected device with a specific operation, an arbitrary script may be executed on the web browser of the moderator user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wivia 5 (affected versions not specified) **Description** There is an issue with OS command injection in Wivia 5. If this issue is exploited, a logged-in administrative user could execute an arbitrary OS command. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wivia 5 (affected versions not specified) **Description** A client-side enforcement of server-side security issue exists. If exploited, an unauthenticated attacker may bypass authentication and operate the affected device as the moderator user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OSS Calendar versions prior to 2.0.3 **Description** The issue allows a remote authenticated attacker to execute arbitrary code or obtain and/or alter the information stored in the database by sending a specially crafted request. This can be achieved through SQL injection. **Recommendations** For OSS Calendar versions prior to 2.0.3, update to version 2.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the database and limiting the privileges of authenticated users to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** baserCMS versions prior to 4.7.2 **Description** The issue allows a remote authenticated attacker with administrative privileges to inject an arbitrary script due to a stored cross-site scripting vulnerability in the Permission Settings. **Recommendations** For versions prior to 4.7.2, update to version 4.7.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** baserCMS versions prior to 4.7.2 **Description** The issue allows a remote authenticated attacker with administrative privileges to inject an arbitrary script in the User group management of baserCMS. This is a stored cross-site scripting issue. **Recommendations** For versions prior to 4.7.2, update to version 4.7.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the User group management feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** BaserCMS (affected versions not specified) **Description** The issue is a cross-site scripting vulnerability in the management system of BaserCMS, a content management system with a Japanese language focus. This vulnerability needs to be addressed when the management system is used by an unspecified number of users. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.