[Japanese]

JVNDB-2024-000113

N-LINE vulnerable to HTML injection

Overview

N-LINE provided by NEUMANN CO.LTD. is an online learning management system for driving schools.
N-LINE processes inputs with insufficient check (CWE-94), and malicious inputs from an student's device may badly impact the instructor's screen.

Ayato Shitomi of Fore-Z co.ltd reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 7.4 (High) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: Low
Affected Products


NEUMANN CO.LTD.
  • N-LINE 2.0.6 and prior versions

Impact

Arbitrary code may be executed on the instructor's browser, or the instructor may be directed to a malicious website.
Solution

[Update the application]
Update the application to the latest version according to the information provided by the developer.
Version 2.0.7 has addressed this vulnerability.
Vendor Information

NEUMANN CO.LTD.
CWE (What is CWE?)

  1. Code Injection(CWE-94) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2024-47158
References

  1. JVN : JVN#57285747
Revision History

  • [2024/10/18]
      Web page was published
  • [2024/10/25]
      Vendor Information : Content was modified

Date Public2024/10/18
Date First Published2024/10/18
Date Last Updated2024/10/25