Information from UCHIDA YOKO CO., LTD.

[Description]
wivia 5 provided by UCHIDA YOKO CO., LTD. contains multiple vulnerabilities listed below.

1.OS Command Injection (CWE-78)
　CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 7.1
　CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H Base Score 6.7

2.Cross-site Scripting (CWE-79)
　CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N Base Score 5.1
　CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4

3.Client-Side Enforcement of Server-Side Security (CWE-602)
　CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 6.9
　CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Base Score 6.5

[Impact]
1.An arbitrary OS command may be executed by a logged-in administrative user.

2.When a user connects to the affected device with a specific operation, an arbitrary script may be executed on the web browser of the moderator user.

3.An unauthenticated attacker may bypass authentication and operate the affected device as the moderator
user.