JVN#21176842
MF Teacher Performance Management System vulnerable to cross-site scripting
Overview
MF Teacher Performance Management System provided by Media Fusion Co.,Ltd. contains a cross-site scripting vulnerability.
Products Affected
- MF Teacher Performance Management System version 6
Description
MF Teacher Performance Management System provided by Media Fusion Co.,Ltd. contains a cross-site scripting vulnerability (CWE-79).
Impact
An arbitrary script may be executed on the web browser of the user who accessed the website using the product.
Solution
Apply the Patch
The developer has released a patch that contains a fix for this vulnerability.
For more details, contact the developer.
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Akira Sumiyoshi, Takuto Matsuhashi, Kei Watanabe, Akio Yamaguchi, Syunji Yazaki and Hideaki Tsuchiya of UEC-CSIRT, The University of Electro-Communications reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
JPCERT Alert |
|
JPCERT Reports |
|
CERT Advisory |
|
CPNI Advisory |
|
TRnotes |
|
CVE |
CVE-2024-41930 |
JVN iPedia |
JVNDB-2024-000104 |
Update History
- 2024/10/10
- Information under the section [Credit] was updated.