Cross site scripting

2011-06-2917:55:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.3%

JSON

Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to “downloading graphic files from the mail system.”

CPENameOperatorVersion
collaborexeq1.0
collaborexle1.1
dezieeq5.1
dezieeq4.0
dezieeq5.0
dezieeq2.0
dezieeq3.0
deziele6.0
dezieeq1.0
garooneq2.1.0

Name	Operator	Version
collaborex	eq	1.0
collaborex	le	1.1
dezie	eq	5.1
dezie	eq	4.0
dezie	eq	5.0
dezie	eq	2.0
dezie	eq	3.0
dezie	le	6.0
dezie	eq	1.0
garoon	eq	2.1.0

Rows per page:

1-10 of 251

References

cybozu.co.jp/products/dl/notice/detail/0019.html

jvn.jp/en/jp/JVN54074460/index.html

jvndb.jvn.jp/jvndb/JVNDB-2011-000046

secunia.com/advisories/45043

www.osvdb.org/73317

www.securityfocus.com/bid/48446