3 matches found
CVE-2016-4870
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function...
CVE-2016-4870
CVE-2016-4870 is a cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0, exploitable via the Schedule function by a remote, authenticated attacker who can inject script or HTML into the victim’s browser. Affected product: Cybozu Office versions 9.0.0–10.4.0. Root cause: improper ha...
JVN#06726266: Cybozu Office multiple cross-site scripting vulnerabilities
Cybozu Office contains multiple cross-site scripting vulnerabilities below. Cross-site scripting in the "Customapp" function - CVE-2016-4865 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.8 CVSS v2| AV:N/AC:L/Au:S/C:N/I:P/A:N| Base Score:...