online_fire_reporting_system_project 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk sql injection and vendor risk cross-site scripting があり、vendor surface software deployment and vendor surface production workloads の利用場面で vendor impact data exposure and vendor impact session compromise などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2022-34611 | A cross-site scripting (XSS) vulnerability in /index.php/?p=report of Online Fire Reporting System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "Contac #" text field. | [email protected] | 5.4 | 0.41% | 2022-07-27 | 2024-11-21 |
| CVE-2022-31879 | Online Fire Reporting System 1.0 is vulnerable to SQL Injection via the date parameter. | [email protected] | 8.8 | 0.74% | 2022-07-26 | 2024-11-21 |
| CVE-2022-31906 | Online Fire Reporting System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ofrs/classes/Master.php. | [email protected] | 4.8 | 0.22% | 2022-06-16 | 2024-11-21 |
| CVE-2022-31415 | Online Fire Reporting System v1.0 was discovered to contain a SQL injection vulnerability via the GET parameter in /report/list.php. | [email protected] | 6.5 | 0.23% | 2022-06-14 | 2024-11-21 |
| CVE-2022-31984 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/take_action.php?id=. | [email protected] | 7.2 | 23.41% | 2022-06-02 | 2024-11-21 |
| CVE-2022-31983 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/manage_request&id=. | [email protected] | 7.2 | 45.27% | 2022-06-02 | 2024-11-21 |
| CVE-2022-31982 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/view_request&id=. | [email protected] | 7.2 | 10.48% | 2022-06-02 | 2024-11-21 |
| CVE-2022-31981 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/view_team&id=. | [email protected] | 7.2 | 10.48% | 2022-06-02 | 2024-11-21 |
| CVE-2022-31980 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/manage_team&id=. | [email protected] | 7.2 | 10.48% | 2022-06-02 | 2024-11-21 |
| CVE-2022-31978 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_inquiry. | [email protected] | 9.8 | 48.04% | 2022-06-02 | 2024-11-21 |
| CVE-2022-31977 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_team. | [email protected] | 9.8 | 37.99% | 2022-06-02 | 2024-11-21 |
| CVE-2022-31976 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_request. | [email protected] | 9.8 | 41.48% | 2022-06-02 | 2024-11-21 |
| CVE-2022-31975 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manage_user&id=. | [email protected] | 7.2 | 17.54% | 2022-06-02 | 2024-11-21 |
| CVE-2022-31974 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports&date=. | [email protected] | 7.2 | 17.54% | 2022-06-02 | 2024-11-21 |
| CVE-2022-31973 | Online Fire Reporting System v1.0 is vulnerable to Delete any file via /ofrs/classes/Master.php?f=delete_img. | [email protected] | 6.5 | 0.31% | 2022-06-02 | 2024-11-21 |