Skip to main content

Musetheque V4 Information Disclosure For Ipknowledge

2 CVEs product

Monthly

CVE-2026-28761 HIGH This Week

Cross-site request forgery in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier enables remote attackers to execute unauthorized operations through victim's authenticated session via malicious web pages. Successful exploitation achieves high confidentiality and integrity impact without requiring attacker authentication. Reported by JPCERT to JVN, indicating likely targeting of Japanese enterprise deployments. No active exploitation (CISA KEV) or public POC identified at time of analysis.

Information Disclosure CSRF Musetheque V4 Information Disclosure For Ipknowledge
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-24662 MEDIUM This Month

Stored cross-site scripting (XSS) in Fujitsu's Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 allows authenticated users to execute arbitrary scripts in administrators' browsers by uploading files with malicious content. When administrators view file information on the administration page, the injected script executes with user-level privileges. No public exploit code or active exploitation has been identified at the time of analysis.

XSS Information Disclosure Musetheque V4 Information Disclosure For Ipknowledge
NVD
CVSS 4.0
4.8
EPSS
0.0%
EPSS 0% CVSS 8.5
HIGH This Week

Cross-site request forgery in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier enables remote attackers to execute unauthorized operations through victim's authenticated session via malicious web pages. Successful exploitation achieves high confidentiality and integrity impact without requiring attacker authentication. Reported by JPCERT to JVN, indicating likely targeting of Japanese enterprise deployments. No active exploitation (CISA KEV) or public POC identified at time of analysis.

Information Disclosure CSRF Musetheque V4 Information Disclosure For Ipknowledge
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Stored cross-site scripting (XSS) in Fujitsu's Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 allows authenticated users to execute arbitrary scripts in administrators' browsers by uploading files with malicious content. When administrators view file information on the administration page, the injected script executes with user-level privileges. No public exploit code or active exploitation has been identified at the time of analysis.

XSS Information Disclosure Musetheque V4 Information Disclosure For Ipknowledge
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy