Pleasanter

pleasanter

7 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-21584 1Pleasanter 1Pleasanter Mar 13, 2025 Mar 12, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Pleasanter 1.3.49.0 and earlier contains a cross-site scripting vulnerability. If an attacker tricks the user to access the product with a specially crafted URL and perform a specific operation, an arbitrary script may b...Show more Pleasanter 1.3.49.0 and earlier contains a cross-site scripting vulnerability. If an attacker tricks the user to access the product with a specially crafted URL and perform a specific operation, an arbitrary script may be executed on the web browser of the user. Show less
CVE-2023-46688 1Pleasanter 1Pleasanter Nov 21, 2024 Dec 6, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Open redirect vulnerability in Pleasanter 1.3.47.0 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL.
CVE-2023-45210 1Pleasanter 1Pleasanter May 28, 2025 Dec 6, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Pleasanter 1.3.47.0 and earlier contains an improper access control vulnerability, which may allow a remote authenticated attacker to view the temporary files uploaded by other users who are not permitted to access.
CVE-2023-34439 1Pleasanter 1Pleasanter Nov 21, 2024 Dec 6, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser.
CVE-2023-32608 1Pleasanter 1Pleasanter Nov 21, 2024 Jun 30, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Directory traversal vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to alter an arbitrary file on the server.
CVE-2023-32607 1Pleasanter 1Pleasanter Nov 21, 2024 Jun 30, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Stored cross-site scripting vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script.
CVE-2023-30758 1Pleasanter 1Pleasanter Jan 9, 2025 Jun 1, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-site scripting vulnerability in Pleasanter 1.3.38.1 and earlier allows a remote authenticated attacker to inject an arbitrary script.