CVE-2011-1333

Cross-site scripting (XSS) vulnerability in Cybozu Office 6 and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from the bulletin board system."

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://cybozu.co.jp/products/dl/notice/detail/0019.html	Patch Vendor Advisory
http://jvn.jp/en/jp/JVN80877328/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000045
http://secunia.com/advisories/45063	Vendor Advisory
http://www.osvdb.org/73327
http://www.securityfocus.com/bid/48446

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cybozu:garoon:2.0.0:::::::*
	cpe:2.3:a:cybozu:garoon:2.0.1:::::::*
	cpe:2.3:a:cybozu:garoon:2.0.2:::::::*
	cpe:2.3:a:cybozu:garoon:2.0.3:::::::*
	cpe:2.3:a:cybozu:garoon:2.0.4:::::::*
	cpe:2.3:a:cybozu:garoon:2.0.5:::::::*
	cpe:2.3:a:cybozu:garoon:2.0.6:::::::*
	cpe:2.3:a:cybozu:garoon:2.1.0:::::::*
	cpe:2.3:a:cybozu:garoon:2.1.1:::::::*
	cpe:2.3:a:cybozu:garoon:2.1.2:::::::*
	cpe:2.3:a:cybozu:garoon:2.1.3:::::::*

Configuration 2 (hide)

cpe:2.3:a:cybozu:office:6:*:*:*:*:*:*:*

History

No history.

Information

Published : 2011-06-29 17:55

Updated : 2024-02-28 11:41

NVD link : CVE-2011-1333

Mitre link : CVE-2011-1333

CVE.ORG link : CVE-2011-1333

JSON object : View

Products Affected

cybozu

office
garoon

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2011-1333", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2011-06-29T17:55:02.817", "references": [{"url": "http://cybozu.co.jp/products/dl/notice/detail/0019.html", "tags": ["Patch", "Vendor Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "http://jvn.jp/en/jp/JVN80877328/index.html", "source": "vultures@jpcert.or.jp"}, {"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000045", "source": "vultures@jpcert.or.jp"}, {"url": "http://secunia.com/advisories/45063", "tags": ["Vendor Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "http://www.osvdb.org/73327", "source": "vultures@jpcert.or.jp"}, {"url": "http://www.securityfocus.com/bid/48446", "source": "vultures@jpcert.or.jp"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Cybozu Office 6 and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to \"downloading graphic files from the bulletin board system.\""}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Cybozu Office v6 y Cybozu Garoon v2.0.0 hasta v2.1.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores relacionados con \"la descarga de archivos gr\u00e1ficos desde el panel de sistema de boletines\""}], "lastModified": "2011-06-30T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cybozu:garoon:2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1556F99E-1609-44FF-83F0-F43FBDE738A4"}, {"criteria": "cpe:2.3:a:cybozu:garoon:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "348C389E-ADFD-4D2C-AA54-220664EA2755"}, {"criteria": "cpe:2.3:a:cybozu:garoon:2.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48F3F19B-25A7-4E9E-9961-1F7C8DBC0327"}, {"criteria": "cpe:2.3:a:cybozu:garoon:2.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08AE0E10-87A4-4862-A873-A943F44A9862"}, {"criteria": "cpe:2.3:a:cybozu:garoon:2.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C88D773E-B6DE-4FD2-A911-0D13C6CA902C"}, {"criteria": "cpe:2.3:a:cybozu:garoon:2.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C846A750-F26E-4F1F-85A3-F95BCC9F8A3E"}, {"criteria": "cpe:2.3:a:cybozu:garoon:2.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E139B6A-2F36-4EB5-BA1F-84D67C89E935"}, {"criteria": "cpe:2.3:a:cybozu:garoon:2.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F585001-37C9-42F5-8B13-56827E6AC785"}, {"criteria": "cpe:2.3:a:cybozu:garoon:2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47FD3F43-9ECA-4815-8BDC-B9DAC07E9400"}, {"criteria": "cpe:2.3:a:cybozu:garoon:2.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F5F2D43-8B67-4D84-94AF-262F6D66F2B9"}, {"criteria": "cpe:2.3:a:cybozu:garoon:2.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "277403E7-3CD9-458C-9669-FB983FF94568"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cybozu:office:6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "840B6B7E-3894-42FE-9703-9F58E3E1C343"}], "operator": "OR"}]}], "sourceIdentifier": "vultures@jpcert.or.jp"}