Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user’s web browser.
References
Link | Resource |
---|---|
https://jvn.jp/en/jp/JVN74825766/ | Third Party Advisory |
https://kb.cybozu.support/?product=garoon&v=&fv=6.0.2&t=%E8%84%86%E5%BC%B1%E6%80%A7&f=&r=&b=&s=&posts_per_page=20 | Vendor Advisory |
https://jvn.jp/en/jp/JVN74825766/ | Third Party Advisory |
https://kb.cybozu.support/?product=garoon&v=&fv=6.0.2&t=%E8%84%86%E5%BC%B1%E6%80%A7&f=&r=&b=&s=&posts_per_page=20 | Vendor Advisory |
Configurations
History
21 Nov 2024, 09:27
Type | Values Removed | Values Added |
---|---|---|
References | () https://jvn.jp/en/jp/JVN74825766/ - Third Party Advisory | |
References | () https://kb.cybozu.support/?product=garoon&v=&fv=6.0.2&t=%E8%84%86%E5%BC%B1%E6%80%A7&f=&r=&b=&s=&posts_per_page=20 - Vendor Advisory |
22 Aug 2024, 17:33
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:* | |
CWE | CWE-79 | |
Summary |
|
|
First Time |
Cybozu garoon
Cybozu |
|
References | () https://jvn.jp/en/jp/JVN74825766/ - Third Party Advisory | |
References | () https://kb.cybozu.support/?product=garoon&v=&fv=6.0.2&t=%E8%84%86%E5%BC%B1%E6%80%A7&f=&r=&b=&s=&posts_per_page=20 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
19 Jul 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-19 09:15
Updated : 2024-11-21 09:27
NVD link : CVE-2024-39457
Mitre link : CVE-2024-39457
CVE.ORG link : CVE-2024-39457
JSON object : View
Products Affected
cybozu
- garoon
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')