Summary
This host is running Cybozu Office and is prone to cross site scripting vulnerabilities.
Impact
Successful exploitation could allow remote attackers execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Impact Level: Application
Solution
Upgrade to Cybozu Office version 8.1.1 or later
For updates refer to http://products.cybozu.co.jp/office/
Insight
The flaw is caused by improper validation of unspecified input related to the address book and user list functions, which allows attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Affected
Cybozu Office versions 6, 7, and 8 before 8.1.1
References
Severity
Classification
-
CVE CVE-2011-1335 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
- Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
- Apache Tomcat TroubleShooter Servlet Installed
- AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities
- Apache Rave User Information Disclosure Vulnerability