Vulnerability Key Information

Vulnerability ID: JVNDB-2017-000097

Vulnerability Name: Empirical Project Monitor - eXtended vulnerable to cross-site scripting

Overview: Empirical Project Monitor - eXtended contains a reflected cross-site scripting vulnerability. This vulnerability is different from JVN#85512750. Reported by Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc.

CVSS Score:

CVSS V3 Severity: 6.1 (Medium)
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

CVSS V2 Severity: 4.3 (Medium)
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: None

Affected Products: Empirical Project Monitor - eXtended by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)

Impact: Arbitrary scripts may be executed on users' web browsers.

Solution: Do not use Empirical Project Monitor - eXtended. Developers have stated that development and support for this product have been discontinued, and users are advised to stop using it.

Vendor Information:
IPA: INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) Website (Japanese)

CWE:
1. Cross-site Scripting (CWE-79) [IPA Evaluation]

CVE:
1. CVE-2017-2174

References:
1. JVN: JVN#11326581
2. National Vulnerability Database (NVD): CVE-2017-2174

Revision History:
2017/05/19: Web page published
2017/11/27: Content added