Information from Media Fusion Co.,Ltd.
Vulnerability ID:JVN#21176842
Title:MF Teacher Performance Management System vulnerable to cross-site scripting
Status:Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
The package provided by our company
A cross-site scripting vulnerability existed in the external publication screen of the Faculty Achievement Management System.
The vulnerability has been addressed for the products of institutions that have installed the affected versions.
■ Affected product versions
Version 6 of the Faculty Achievement Management System
Version 5 and earlier products are not affected.
■ Expected impact
If a request containing a script is sent on the external publication screen of the Faculty Performance Management System, an arbitrary script may be executed on the user's web browser.