CVE-2016-4866

The CVE-2016-4866 issue affects Cybozu Office 9.0.0 to 10.4.0. It is a cross-site scripting vulnerability in the "Project" function that allows an attacker with administrator rights to inject arbitrary web script or HTML into the affected interface. Related sources (NVD/JVN) confirm the vulnerabl...

JVN#06726266: Cybozu Office multiple cross-site scripting vulnerabilities

Cybozu Office contains multiple cross-site scripting vulnerabilities below. Cross-site scripting in the "Customapp" function - CVE-2016-4865 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.8 CVSS v2| AV:N/AC:L/Au:S/C:N/I:P/A:N| Base Score:...