Description
Cross-site scripting vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a file containing malicious contents is uploaded, an arbitrary script may be executed on a user's web browser when viewing the administration page showing the information of the file.
Published: 2026-05-15
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A cross-site scripting flaw is triggered when a user uploads a file that contains malicious content. When an administrator views the file's information on the administration page, the embedded script runs in the administrator's browser. This lets the attacker execute JavaScript in the context of the victim's session, potentially enabling session hijacking, credential theft, or defacement. The weakness is CWE-79; because the script arrives in an uploaded file and runs later, when the administration page is viewed, it is a stored rather than a reflected XSS.

Affected Systems

The issue affects Fujitsu Japan Limited Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier releases. Any deployment of these versions is vulnerable.

Risk and Exploitability

The CVSS score of 4.8 is Medium severity, and the EPSS score is below 1% (Very Low), indicating a low estimated likelihood of exploitation. Exploitation requires that a malicious file be uploaded and that a legitimate administrator open the resulting administration page, so it typically involves internal or privileged users or social engineering. The flaw is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on May 15, 2026 at 06:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Musetheque V4 to a version newer than rev2203.0 or apply the vendor‑provided fix when available.
  • Restrict or temporarily disable the file‑upload feature on administration pages until a patch is applied.
  • Ensure server‑side encoding or content‑type validation of uploaded files to prevent execution of injected scripts.

Advisories

No advisories yet.

History

Fri, 15 May 2026 12:15:00 +0000

Values removed: none
Values added:
  Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 15 May 2026 06:45:00 +0000

Values removed: none
Values added:
  Title: Cross‑Site Scripting in Musetheque V4 Information Disclosure for IPKNOWLEDGE

Fri, 15 May 2026 05:45:00 +0000

Values removed: none
Values added:
  Description: Cross-site scripting vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a file containing malicious contents is uploaded, an arbitrary script may be executed on a user's web browser when viewing the administration page showing the information of the file.
  Weaknesses: CWE-79
  References:
  Metrics: cvssV3_0 {'score': 5.4, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}
  Metrics: cvssV4_0 {'score': 4.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}


MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-05-15T11:10:43.760Z

Reserved: 2026-04-06T01:20:30.972Z

Link: CVE-2026-24662

Vulnrichment

Updated: 2026-05-15T11:10:38.648Z

NVD

Status: Deferred

Published: 2026-05-15T06:16:19.960

Modified: 2026-05-15T14:30:03.170

Link: CVE-2026-24662

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T06:30:38Z
