Cybozu Office Address Book And User List Cross-Site Scripting Vulnerabilities Network Vulnerability

Summary

This host is running Cybozu Office and is prone to cross site scripting vulnerabilities.

Impact

Successful exploitation could allow remote attackers execute arbitrary HTML and script code in a user's browser session in context of an affected site. Impact Level: Application

Solution

Upgrade to Cybozu Office version 8.1.1 or later For updates refer to http://products.cybozu.co.jp/office/

Insight

The flaw is caused by improper validation of unspecified input related to the address book and user list functions, which allows attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Affected

Cybozu Office versions 6, 7, and 8 before 8.1.1

References

http://jvn.jp/en/jp/JVN55508059/index.html
http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000047.html
http://osvdb.org/73320
http://secunia.com/advisories/44992

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1335

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Afian 'includer.php' Directory Traversal Vulnerability
AMSI 'file' Parameter Directory Traversal Vulnerability
/doc directory browsable ?
Apache Tiles Multiple XSS Vulnerability
Apache Tomcat SecurityConstraints Security Bypass Vulnerability

Cybozu Office Address Book and User List Cross-Site Scripting Vulnerabilities

Take action and discover your vulnerabilities