Pleasanter: >> Pleasanter >> 0.51.16.3 Security Vulnerabilities
Pleasanter 1.3.49.0 and earlier contains a cross-site scripting vulnerability. If an attacker tricks the user to access the product with a specially crafted URL and perform a specific operation, an arbitrary script may be executed on the web browser of the user.
CVSS Score
6.1
EPSS Score
0.005
Published
2024-03-12
Pleasanter 1.3.47.0 and earlier contains an improper access control vulnerability, which may allow a remote authenticated attacker to view the temporary files uploaded by other users who are not permitted to access.
CVSS Score
4.3
EPSS Score
0.002
Published
2023-12-06
Open redirect vulnerability in Pleasanter 1.3.47.0 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL.
CVSS Score
6.1
EPSS Score
0.003
Published
2023-12-06
Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser.
CVSS Score
5.4
EPSS Score
0.005
Published
2023-12-06
Stored cross-site scripting vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script.
CVSS Score
5.4
EPSS Score
0.003
Published
2023-06-30
Directory traversal vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to alter an arbitrary file on the server.
CVSS Score
6.5
EPSS Score
0.004
Published
2023-06-30
Cross-site scripting vulnerability in Pleasanter 1.3.38.1 and earlier allows a remote authenticated attacker to inject an arbitrary script.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-06-01