Summary
This host is running Cybozu Office or Cybozu Garoon and is prone to cross site scripting vulnerability.
Impact
Successful exploitation could allow remote attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Impact Level: Application
Solution
Upgrade to Cybozu Garoon version 2.5.0, Cybozu Office 7 or later.
For updates refer to http://products.cybozu.co.jp/
Insight
The flaw is caused by improper validation of unspecified input related to downloading images from the bulletin board, which allows attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Affected
Cybozu Office 6
Cybozu Garoon version 2.0.0 through 2.1.3
References
Severity
Classification
-
CVE CVE-2011-1333 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities