CVE-2011-1334

Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from the mail system."
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
jpcertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
VendorProductVersion
cybozugaroon
2.0.0
cybozugaroon
2.0.1
cybozugaroon
2.0.2
cybozugaroon
2.0.3
cybozugaroon
2.0.4
cybozugaroon
2.0.5
cybozugaroon
2.0.6
cybozugaroon
2.1.0
cybozugaroon
2.1.1
cybozugaroon
2.1.2
cybozugaroon
2.1.3
cybozudezie
𝑥
≤ 6.0
cybozudezie
1.0
cybozudezie
2.0
cybozudezie
3.0
cybozudezie
4.0
cybozudezie
5.0
cybozudezie
5.1
cybozumailwise
𝑥
≤ 3.0
cybozumailwise
1.0
cybozumailwise
2.0
cybozumailwise
2.1
cybozucollaborex
𝑥
≤ 1.1
cybozucollaborex
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://cybozu.co.jp/products/dl/notice/detail/0019.html
http://jvn.jp/en/jp/JVN54074460/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000046
http://secunia.com/advisories/45043
http://www.osvdb.org/73317
http://www.securityfocus.com/bid/48446
http://cybozu.co.jp/products/dl/notice/detail/0019.html
http://jvn.jp/en/jp/JVN54074460/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000046
http://secunia.com/advisories/45043
http://www.osvdb.org/73317
http://www.securityfocus.com/bid/48446