Cybozu Garoon Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host is running Cybozu Garoon and is prone to cross site scripting vulnerability.

Impact

Successful exploitation could allow remote attackers to to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Impact Level: Application

Solution

Upgrade to Cybozu Garoon version 2.5.0 or later. For updates refer to http://products.cybozu.co.jp/garoon/download/

Insight

The flaw is caused by improper validation of unspecified user-supplied input, which allows attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Affected

Cybozu Garoon version 2.0.0 through 2.1.3

References

http://cybozu.co.jp/products/dl/notice/detail/0023.html
http://jvn.jp/en/jp/JVN59779256/index.html
http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000044.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1332

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Tomcat SecurityConstraints Security Bypass Vulnerability
Adobe ColdFusion HTTP Response Splitting Vulnerability
Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
@Mail 'MailType' Parameter Cross Site Scripting Vulnerability
Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities