tru-zone 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk cross-site scripting、vendor risk sql injection, and vendor risk input validation があり、vendor surface production workloads の利用場面で vendor impact session compromise、vendor impact unexpected behavior, and vendor impact data exposure などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2008-2134 | The Journal module in Tru-Zone Nuke ET 3.x allows remote attackers to obtain access to arbitrary user accounts, and alter or delete data, via a modified username in an unspecified cookie. | [email protected] | 6.8 | 0.63% | 2008-05-09 | 2026-04-23 |
| CVE-2008-2133 | Cross-site scripting (XSS) vulnerability in the Journal module in Tru-Zone Nuke ET 3.x allows remote attackers to inject arbitrary web script or HTML via the title parameter in a new entry, as demonstrated by a CSS property in the STYLE attribute of a DIV element, a different vulnerability than CVE-2008-1873. | [email protected] | 4.3 | 0.33% | 2008-05-09 | 2026-04-23 |
| CVE-2008-1873 | Cross-site scripting (XSS) vulnerability in the private message feature in Nuke ET 3.2 and 3.4, when using Internet Explorer, allows remote authenticated users to inject arbitrary web script or HTML via a CSS property in the STYLE attribute of a DIV element in the mensaje parameter. NOTE: some of these details are obtained from third party information. | [email protected] | 4.3 | 0.33% | 2008-04-17 | 2026-04-23 |
| CVE-2007-1925 | The borrado function in modules/Your_Account/index.php in Tru-Zone Nuke ET 3.4 before fix 7 does not verify that account deletion requests come from the account owner, which allows remote authenticated users to delete arbitrary accounts via a modified cookie. | [email protected] | 6.5 | 0.98% | 2007-04-10 | 2026-04-23 |
| CVE-2005-3748 | SQL injection vulnerability in the Search module in Tru-Zone Nuke ET 3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the query parameter. | [email protected] | 7.5 | 0.53% | 2005-11-22 | 2026-04-16 |
| CVE-2005-1610 | Cross-site scripting (XSS) vulnerability in security.php for Tru-Zone NukeET 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via a base64 encoded Codigo parameter. | [email protected] | 6.8 | 1.70% | 2005-05-16 | 2026-04-16 |