Musetheque V4 Information Disclosure For Ipknowledge
Monthly
Cross-site request forgery in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier enables remote attackers to execute unauthorized operations through victim's authenticated session via malicious web pages. Successful exploitation achieves high confidentiality and integrity impact without requiring attacker authentication. Reported by JPCERT to JVN, indicating likely targeting of Japanese enterprise deployments. No active exploitation (CISA KEV) or public POC identified at time of analysis.
Stored cross-site scripting (XSS) in Fujitsu's Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 allows authenticated users to execute arbitrary scripts in administrators' browsers by uploading files with malicious content. When administrators view file information on the administration page, the injected script executes with user-level privileges. No public exploit code or active exploitation has been identified at the time of analysis.
Cross-site request forgery in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier enables remote attackers to execute unauthorized operations through victim's authenticated session via malicious web pages. Successful exploitation achieves high confidentiality and integrity impact without requiring attacker authentication. Reported by JPCERT to JVN, indicating likely targeting of Japanese enterprise deployments. No active exploitation (CISA KEV) or public POC identified at time of analysis.
Stored cross-site scripting (XSS) in Fujitsu's Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 allows authenticated users to execute arbitrary scripts in administrators' browsers by uploading files with malicious content. When administrators view file information on the administration page, the injected script executes with user-level privileges. No public exploit code or active exploitation has been identified at the time of analysis.