Cross site scripting

2013-12-1318:07:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.3%

JSON

Cross-site scripting (XSS) vulnerability in Cybozu Dezie before 8.1.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Cancel button.

CPENameOperatorVersion
dezieeq8.0.4
dezieeq8.0.6
dezieeq8.0.1
dezieeq8.0.5
deziele8.0.7
dezieeq8.0.0
dezieeq8.0.2
dezieeq8.0.3

Name	Operator	Version
dezie	eq	8.0.4
dezie	eq	8.0.6
dezie	eq	8.0.1
dezie	eq	8.0.5
dezie	le	8.0.7
dezie	eq	8.0.0
dezie	eq	8.0.2
dezie	eq	8.0.3

References

cs.cybozu.co.jp/information/20131209up11.php

jvn.jp/en/jp/JVN21336955/index.html

jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000118.html

osvdb.org/100819

secunia.com/advisories/55962

exchange.xforce.ibmcloud.com/vulnerabilities/89577