Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2011 Greenbone AGOPENVAS:1361412562310902537
HistoryJul 05, 2011 - 12:00 a.m.

Cybozu Products Mail System Images XSS Vulnerability

2011-07-0500:00:00
Copyright (C) 2011 Greenbone AG
plugins.openvas.org
15

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.3%

JSON

Cybozu Office, Cybozu Garoon, Cybozu Dezie or Cybozu MailWise is
prone to a cross-site scripting (XSS) vulnerability.

# SPDX-FileCopyrightText: 2011 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.902537");
  script_version("2024-01-10T05:05:17+0000");
  script_tag(name:"last_modification", value:"2024-01-10 05:05:17 +0000 (Wed, 10 Jan 2024)");
  script_tag(name:"creation_date", value:"2011-07-05 13:15:06 +0200 (Tue, 05 Jul 2011)");
  script_cve_id("CVE-2011-1334");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_name("Cybozu Products Mail System Images XSS Vulnerability");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2011 Greenbone AG");
  script_family("Web application abuses");
  script_dependencies("gb_cybozu_products_http_detect.nasl");
  script_mandatory_keys("cybozu/products/detected");

  script_xref(name:"URL", value:"http://secunia.com/advisories/45043");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/48446");
  script_xref(name:"URL", value:"http://jvn.jp/en/jp/JVN54074460/index.html");
  script_xref(name:"URL", value:"http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000046.html");

  script_tag(name:"summary", value:"Cybozu Office, Cybozu Garoon, Cybozu Dezie or Cybozu MailWise is
  prone to a cross-site scripting (XSS) vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"impact", value:"Successful exploitation could allow remote attackers to execute
  arbitrary HTML and script code in a user's browser session in context of an affected site.");

  script_tag(name:"affected", value:"- Cybozu Office versions 6.x

  - Cybozu Dezie versions before 6.1

  - Cybozu MailWise versions before 3.1

  - Cybozu Garoon versions 2.0.0 through 2.1.3");

  script_tag(name:"insight", value:"The flaw is caused by improper validation of unspecified input
  related to downloading images from the mail system, which allows attackers to execute arbitrary
  HTML and script code in a user's browser session in context of an affected site.");

  script_tag(name:"solution", value:"Update to:

  - Cybozu Garoon version 2.5.0 or later

  - Cybozu Office version 7 or later

  - Cybozu Dezie version 6.1 or later

  - Cybozu Mailwise version 3.1 or later");

  script_tag(name:"qod_type", value:"remote_banner");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

cpe_list = make_list("cpe:/a:cybozu:office",
                     "cpe:/a:cybozu:garoon",
                     "cpe:/a:cybozu:dezie",
                     "cpe:/a:cybozu:mailwise");

if(!infos = get_app_port_from_list(cpe_list:cpe_list))
  exit(0);

port = infos["port"];
cpe = infos["cpe"];

if(!infos = get_app_version_and_location(cpe:cpe, port:port, exit_no_version:TRUE))
  exit(0);

version = infos["version"];
location = infos["location"];

if(cpe == "cpe:/a:cybozu:office") {
  if(version =~ "^6\.+") {
    report = report_fixed_ver(installed_version:version, fixed_version:"7", install_path:location);
    security_message(port:port, data:report);
    exit(0);
  }
}

else if(cpe == "cpe:/a:cybozu:garoon") {
  if(version_in_range(version:version, test_version:"2.0.0", test_version2:"2.1.3")) {
    report = report_fixed_ver(installed_version:version, fixed_version:"2.5.0", install_path:location);
    security_message(port:port, data:report);
    exit(0);
  }
}

else if(cpe == "cpe:/a:cybozu:dezie") {
  if(version_is_less(version:version, test_version:"6.1")) {
    report = report_fixed_ver(installed_version:version, fixed_version:"6.1", install_path:location);
    security_message(port:port, data:report);
    exit(0);
  }
}

else if(cpe == "cpe:/a:cybozu:mailwise") {
  if(version_is_less(version:version, test_version:"3.1")) {
    report = report_fixed_ver(installed_version:version, fixed_version:"3.1", install_path:location);
    security_message(port:port, data:report);
    exit(0);
  }
}

exit(99);

Related

jvn 1
cvelist 1
openvas 1
nvd 1
cve 1
prion 1
jvn
jvn
JVN#54074460: Multiple Cybozu products vulnerable to cross-site scripting
2011-06-24 00:00:00
cvelist
cvelist
CVE-2011-1334
2022-10-03 16:15:11
openvas
openvas
Cybozu Products Mail System Images Cross-Site Scripting Vulnerability
2011-07-05 00:00:00
nvd
nvd
CVE-2011-1334
2011-06-29 17:55:02
cve
cve
CVE-2011-1334
2022-10-03 16:15:11
prion
prion
Cross site scripting
2011-06-29 17:55:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.3%

JSON
Related for OPENVAS:1361412562310902537
jvn1cvelist1openvas1nvd1cve1prion1