CVE-2023-27510

JB Inquiry form contains an exposure of private personal information to an unauthorized actor vulnerability, which may allow a remote unauthenticated attacker to obtain information entered from forms created using the affected product. The affected products and versions are as follows: JB Inquiry form versions 0.6.1 and 0.6.0, JB Inquiry form versions 0.5.2, 0.5.1 and 0.5.0, and JB Inquiry form version 0.40.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
jpcertCNA
---
---
CVEADP
---
---
CISA-ADPADP
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
VendorProductVersion
jubeijb_inquiry_form
0.5.0
jubeijb_inquiry_form
0.5.1
jubeijb_inquiry_form
0.5.2
jubeijb_inquiry_form
0.6.0
jubeijb_inquiry_form
0.6.1
jubeijb_inquiry_form
0.40
𝑥
= Vulnerable software versions
References
https://jubei.co.jp/formmail/info20230414.html
https://jvn.jp/en/jp/JVN36340790/
https://jubei.co.jp/formmail/info20230414.html
https://jvn.jp/en/jp/JVN36340790/