Cybozu Office Address Book And User List Cross-Site Scripting Vulnerabilities Network Vulnerability

Summary

This host is running Cybozu Office and is prone to cross site scripting vulnerabilities.

Impact

Successful exploitation could allow remote attackers execute arbitrary HTML and script code in a user's browser session in context of an affected site. Impact Level: Application

Solution

Upgrade to Cybozu Office version 8.1.1 or later For updates refer to http://products.cybozu.co.jp/office/

Insight

The flaw is caused by improper validation of unspecified input related to the address book and user list functions, which allows attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Affected

Cybozu Office versions 6, 7, and 8 before 8.1.1

References

http://jvn.jp/en/jp/JVN55508059/index.html
http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000047.html
http://osvdb.org/73320
http://secunia.com/advisories/44992

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1335
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Struts2 'XWork' Information Disclosure Vulnerability
Adobe ColdFusion Multiple Vulnerabilities-03 May-2014
Apache Archiva Cross Site Request Forgery Vulnerability
Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
Apache Struts Directory Traversal Vulnerability

Cybozu Office Address Book and User List Cross-Site Scripting Vulnerabilities

Take action and discover your vulnerabilities