MidnightBSD

Advisories for n-i-agroinformatics

CVE-2014-1998 MEDIUM

Cross-site scripting (XSS) vulnerability in Nippon Institute of Agroinformatics SOY CMS 1.4.0c and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
n-i-agroinformatics soy_cms *
CVE-2017-2163 MEDIUM

Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via shop_id.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
n-i-agroinformatics soy_cms 1.8.5
n-i-agroinformatics soy_cms 1.8.10
n-i-agroinformatics soy_cms 1.8.2
n-i-agroinformatics soy_cms 1.8.1
n-i-agroinformatics soy_cms 1.8.3
n-i-agroinformatics soy_cms 1.8.11
n-i-agroinformatics soy_cms 1.8.4
n-i-agroinformatics soy_cms 1.8.8
n-i-agroinformatics soy_cms 1.8.9
n-i-agroinformatics soy_cms 1.8.7
n-i-agroinformatics soy_cms 1.8.6
n-i-agroinformatics soy_cms 1.8.12
CVE-2017-2164 MEDIUM

Cross-site scripting vulnerability in SOY CMS with installer 1.8.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
n-i-agroinformatics soy_cms *