JVN#69128376
Multiple vulnerabilities in "Musetheque V4 Information Disclosure for IPKNOWLEDGE"

Overview

Musetheque V4 Information Disclosure for IPKNOWLEDGE provided by Fujitsu Japan Limited contains multiple vulnerabilities.

Products Affected

• Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier

Description

Musetheque V4 Information Disclosure for IPKNOWLEDGE provided by Fujitsu Japan Limited contains multiple vulnerabilities listed below.

• Cross-site scripting (CWE-79)
  • CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Base Score 4.8
  • CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4
  • CVE-2026-24662
• Cross-site request forgery (CWE-352)
  • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Base Score 8.5
    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Base Score 8.1
  • CVE-2026-28761

Impact

• If a file containing malicious contents is uploaded, an arbitrary script may be executed on a user's web browser when viewing the administration page showing the information of the file (CVE-2026-24662)
• If a user views a malicious page while logged-in to the affected product, unexpected operations may be done (CVE-2026-28761)

Solution

Update the Software
Update the software to the latest version according to the information provided by the developer.
The developer has released the following version that address these vulnerabilities.

• Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2603.1