JVN#80877328: Multiple Cybozu products vulnerable to cross-site scripting

2011-06-24T00:00:00
ID JVN:80877328
Type jvn
Reporter Japan Vulnerability Notes
Modified 2011-06-24T00:00:00

Description

## Description

Multiple groupware provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the bulletin board system.

## Impact

An arbitrary script may be executed on the web browser of an user who is logged on.

## Solution

Update the software
Update to the latest version according to the information provided by the developer.

## Products Affected

  • Cybozu Office 6
  • Cybozu Garoon version 2.0.0 to 2.1.3