ss-proj 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に vendor risk open redirect and パス処理の欠陥 などに関し、一部は ファイル上書き を招き、vendor surface production workloads and vendor surface software deployment 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2024-46898 | SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved when processing crafted HTTP requests. | [email protected] | 7.5 | 0.97% | 2024-10-15 | 2026-06-17 |
| CVE-2023-41889 | SHIRASAGI is a Content Management System. Prior to version 1.18.0, SHIRASAGI is vulnerable to a Post-Unicode normalization issue. This happens when a logical validation or a security check is performed before a Unicode normalization. The Unicode character equivalent of a character would resurface after the normalization. The fix is initially performing the Unicode normalization and then strip for all whitespaces and then checking for a blank string. This issue has been fixed in version 1.18.0. | [email protected] | 5.3 | 0.58% | 2023-09-15 | 2026-06-17 |
| CVE-2023-38569 | Stored cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product. | [email protected] | 5.4 | 0.41% | 2023-09-05 | 2026-06-17 |
| CVE-2023-36492 | Reflected cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product. | [email protected] | 6.1 | 0.41% | 2023-09-05 | 2026-06-17 |
| CVE-2023-39448 | Path traversal vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to alter or create arbitrary files on the server, resulting in arbitrary code execution. | [email protected] | 8.8 | 1.07% | 2023-09-05 | 2026-06-17 |
| CVE-2023-22427 | Stored cross-site scripting vulnerability in Theme switching function of SHIRASAGI v1.16.2 and earlier versions allows a remote attacker with an administrative privilege to inject an arbitrary script. | [email protected] | 4.8 | 0.83% | 2023-02-24 | 2026-06-17 |
| CVE-2023-22425 | Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script. | [email protected] | 5.4 | 0.83% | 2023-02-24 | 2026-06-17 |
| CVE-2022-43499 | Stored cross-site scripting vulnerability in SHIRASAGI versions prior to v1.16.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. | [email protected] | 5.4 | 0.83% | 2022-12-04 | 2026-06-17 |
| CVE-2022-43479 | Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a remote unauthenticated attacker to redirect users to an arbitrary web site and conduct a phishing attack. | [email protected] | 6.1 | 0.92% | 2022-12-04 | 2026-06-17 |
| CVE-2022-29485 | Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors. | [email protected] | 6.1 | 0.96% | 2022-06-14 | 2026-06-17 |
| CVE-2020-5607 | Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | [email protected] | 6.1 | 1.20% | 2020-07-09 | 2026-06-16 |
| CVE-2019-6009 | Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | [email protected] | 6.1 | 1.85% | 2019-09-12 | 2026-06-16 |