Cybozu Products Images Cross-Site Scripting Vulnerability Network Vulnerability

Summary

This host is running Cybozu Office or Cybozu Garoon and is prone to cross site scripting vulnerability.

Impact

Successful exploitation could allow remote attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Impact Level: Application

Solution

Upgrade to Cybozu Garoon version 2.5.0, Cybozu Office 7 or later. For updates refer to http://products.cybozu.co.jp/

Insight

The flaw is caused by improper validation of unspecified input related to downloading images from the bulletin board, which allows attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Affected

Cybozu Office 6 Cybozu Garoon version 2.0.0 through 2.1.3

References

http://jvn.jp/en/jp/JVN80877328/index.html
http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000045.html
http://secunia.com/advisories/45063

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1333

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

An Image Gallery Multiple Cross-Site Scripting Vulnerability
appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability
Apache Solr Directory Traversal Vulnerability Jan-14
Abtp Portal Project 'ABTPV_BLOQUE_CENT' Parameter Local and Remote File Include Vulnerabilities
Apache Subversion Module Metadata Accessible

Take action and discover your vulnerabilities