Cybozu Garoon Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host is running Cybozu Garoon and is prone to cross site scripting vulnerability.

Impact

Successful exploitation could allow remote attackers to to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Impact Level: Application

Solution

Upgrade to Cybozu Garoon version 2.5.0 or later. For updates refer to http://products.cybozu.co.jp/garoon/download/

Insight

The flaw is caused by improper validation of unspecified user-supplied input, which allows attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Affected

Cybozu Garoon version 2.0.0 through 2.1.3

References

http://cybozu.co.jp/products/dl/notice/detail/0023.html
http://jvn.jp/en/jp/JVN59779256/index.html
http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000044.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1332
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability
Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability
An Image Gallery Directory Traversal Vulnerability
Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities

Take action and discover your vulnerabilities