Published: 2024/09/27  Last Updated: 2024/10/10

JVN#21176842
MF Teacher Performance Management System vulnerable to cross-site scripting

Overview

MF Teacher Performance Management System provided by Media Fusion Co.,Ltd. contains a cross-site scripting vulnerability.

Products Affected

  • MF Teacher Performance Management System version 6

Description

MF Teacher Performance Management System provided by Media Fusion Co.,Ltd. contains a cross-site scripting vulnerability (CWE-79).

Impact

An arbitrary script may be executed in the web browser of a user who accesses the website using the product.

Solution

Apply the Patch
The developer has released a patch that contains a fix for this vulnerability.
For more details, contact the developer.

Vendor Status

Vendor                  Status      Last Update  Vendor Notes
Media Fusion Co.,Ltd.   Vulnerable  2024/09/27

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score: 6.1

Credit

Akira Sumiyoshi, Takuto Matsuhashi, Kei Watanabe, Akio Yamaguchi, Syunji Yazaki and Hideaki Tsuchiya of UEC-CSIRT, The University of Electro-Communications reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.

Other Information

CVE: CVE-2024-41930
JVN iPedia: JVNDB-2024-000104

Update History

2024/10/10
Information under the section [Credit] was updated.