Cross-site scripting (XSS) vulnerability in Nippon Institute of Agroinformatics SOY CMS 1.4.0c and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| n-i-agroinformatics | soy_cms | * |
Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via shop_id.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| n-i-agroinformatics | soy_cms | 1.8.5 |
| n-i-agroinformatics | soy_cms | 1.8.10 |
| n-i-agroinformatics | soy_cms | 1.8.2 |
| n-i-agroinformatics | soy_cms | 1.8.1 |
| n-i-agroinformatics | soy_cms | 1.8.3 |
| n-i-agroinformatics | soy_cms | 1.8.11 |
| n-i-agroinformatics | soy_cms | 1.8.4 |
| n-i-agroinformatics | soy_cms | 1.8.8 |
| n-i-agroinformatics | soy_cms | 1.8.9 |
| n-i-agroinformatics | soy_cms | 1.8.7 |
| n-i-agroinformatics | soy_cms | 1.8.6 |
| n-i-agroinformatics | soy_cms | 1.8.12 |
Cross-site scripting vulnerability in SOY CMS with installer 1.8.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| n-i-agroinformatics | soy_cms | * |