Cybozu Products Images Cross-Site Scripting Vulnerability Network Vulnerability

Summary

This host is running Cybozu Office or Cybozu Garoon and is prone to cross site scripting vulnerability.

Impact

Successful exploitation could allow remote attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Impact Level: Application

Solution

Upgrade to Cybozu Garoon version 2.5.0, Cybozu Office 7 or later. For updates refer to http://products.cybozu.co.jp/

Insight

The flaw is caused by improper validation of unspecified input related to downloading images from the bulletin board, which allows attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Affected

Cybozu Office 6 Cybozu Garoon version 2.0.0 through 2.1.3

References

http://jvn.jp/en/jp/JVN80877328/index.html
http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000045.html
http://secunia.com/advisories/45063

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1333
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

AbanteCart Multiple Cross-Site Scripting Vulnerabilities
Apache Archiva Home Page Cross-Site Scripting vulnerability
1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability
Ampache Reflected Cross Site Scripting Vulnerability
AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability

Take action and discover your vulnerabilities