cvelistv5 - CVE-2019-5928

CVE-2019-5928

Vulnerability from cvelistv5

Published

2019-05-17 15:25

Modified

2024-08-04 20:09

Severity ?

Summary

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function.

References

URL	Tags
vultures@jpcert.or.jp	http://jvn.jp/en/jp/JVN58849431/index.html	Broken Link, Third Party Advisory
nvd@nist.gov	https://jvn.jp/en/jp/JVN58849431/	Third Party Advisory
vultures@jpcert.or.jp	https://kb.cybozu.support/article/34279/	Vendor Advisory

Impacted products

▼	Vendor	Product
	Cybozu, Inc.	Cybozu Garoon

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:09:23.798Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cybozu.support/article/34279/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN58849431/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Garoon",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "4.0.0 to 4.6.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-17T15:25:54",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cybozu.support/article/34279/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://jvn.jp/en/jp/JVN58849431/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2019-5928",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Garoon",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.0.0 to 4.6.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.cybozu.support/article/34279/",
              "refsource": "MISC",
              "url": "https://kb.cybozu.support/article/34279/"
            },
            {
              "name": "http://jvn.jp/en/jp/JVN58849431/index.html",
              "refsource": "MISC",
              "url": "http://jvn.jp/en/jp/JVN58849431/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2019-5928",
    "datePublished": "2019-05-17T15:25:54",
    "dateReserved": "2019-01-10T00:00:00",
    "dateUpdated": "2024-08-04T20:09:23.798Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-5928\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2019-05-17T16:29:03.610\",\"lastModified\":\"2019-05-17T18:01:26.620\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function.\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad del tipo Cross-Site Scripting en Cybozu Garoon 4.0.0 a 4.6.3 permite a los atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de la funci\u00f3n Customize Item.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndIncluding\":\"4.6.3\",\"matchCriteriaId\":\"25167AB9-13BA-4AC2-83E4-D9C76A0D0A3B\"}]}]}],\"references\":[{\"url\":\"http://jvn.jp/en/jp/JVN58849431/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Broken Link\",\"Third Party Advisory\"]},{\"url\":\"https://jvn.jp/en/jp/JVN58849431/\",\"source\":\"nvd@nist.gov\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://kb.cybozu.support/article/34279/\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

ghsa-87wr-fx2p-cj6q

Vulnerability from github

Published

2022-05-24 21:59

Modified

2022-05-24 21:59

Details

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-5928"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-17T16:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function.",
  "id": "GHSA-87wr-fx2p-cj6q",
  "modified": "2022-05-24T21:59:51Z",
  "published": "2022-05-24T21:59:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5928"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN58849431"
    },
    {
      "type": "WEB",
      "url": "https://kb.cybozu.support/article/34279"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN58849431/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2019-5928

Vulnerability from jvndb

Published

2019-04-25 17:13

Modified

2023-11-08 16:39

Severity ?

6.0 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

Summary

Multiple vulnerabilities in Cybozu Garoon

Details

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. * Cross-site scripting in the additional processing of Customize Item function (CWE-79) - CVE-2019-5928 * Cross-site scripting in the application "Memo" (CWE-79) - CVE-2019-5929 * Browse restriction bypass in the application "Management of Basic System" (CWE-264) - CVE-2019-5930 * Improper verification of file path in installer (CWE-20) - CVE-2019-5931 * Stored cross-site scripting in the application "Portal" (CWE-79) - CVE-2019-5932 * Browse restriction bypass in the application "Bulletin" (CWE-284) - CVE-2019-5933 * SQL injection in the Log Search function of application "logging" (CWE-89) - CVE-2019-5934 * Operation restriction bypass in the Item function of User Information (CWE-264) - CVE-2019-5935 * Directory traversal in the application "Work Flow" (CWE-22) - CVE-2019-5936 * Cross-site scripting in the user information (CWE-79) - CVE-2019-5937 * Stored cross-site scripting in the application "Mail" (CWE-79) - CVE-2019-5938 * Cross-site scripting in the application "Portal" (CWE-79) - CVE-2019-5939 * Cross-site scripting in the application "Scheduler" (CWE-79) - CVE-2019-5940 * Operation restriction bypass in the application "Multi Report" (CWE-264) - CVE-2019-5941 * Browse restriction bypass in the Multiple Files Download function of application "Cabinet" (CWE-284) - CVE-2019-5942 * Browse restriction bypass in the application "Bulletin" and the application "Cabinet" (CWE-284) - CVE-2019-5943 * Operation restriction bypass in the application "Address" (CWE-264) - CVE-2019-5944 * Information disclosure in the authentication of Cybozu Garoon (CWE-287) - CVE-2019-5945 * Open redirect in the Login Screen (CWE-601) - CVE-2019-5946 * Cross-site scripting in the application "Cabinet" (CWE-79) - CVE-2019-5947 * Server-side request forgery in the V-CUBE Meeting function (CWE-918) - CVE-2020-5562 Cybozu, Inc. reported the following vulnerabilities to JPCERT/CC to notify users of the solution through JVN. * CVE-2019-5928, CVE-2019-5930, CVE-2019-5931, CVE-2019-5932, CVE-2019-5935, CVE-2019-5936, CVE-2019-5942 and CVE-2019-5947 by Cybozu, Inc. * CVE-2019-5929, CVE-2019-5937, CVE-2019-5938, CVE-2019-5939 and CVE-2019-5940 by Masato Kinugawa * CVE-2019-5933, CVE-2019-5941 and CVE-2019-5946 by Yuji Tounai * CVE-2019-5934 and CVE-2019-5945 by Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. * CVE-2019-5943 by ixama * CVE-2019-5944 by Tanghaifeng * CVE-2020-5562 by Kanta Nishitani

References

▼	Type	URL
	JVN	https://jvn.jp/en/jp/JVN58849431/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2020-5562
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5928
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5929
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5930
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5931
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5932
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5933
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5934
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5935
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5936
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5937
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5938
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5939
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5940
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5941
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5942
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5943
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5944
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5945
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5946
	CVE	https://www.cve.org/CVERecord?id=CVE-2019-5947
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5928
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5929
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5930
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5931
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5932
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5933
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5934
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5935
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5936
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5937
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5938
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5939
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5940
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5941
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5942
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5943
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5944
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5945
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5946
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5947
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-5562
	Improper Input Validation(CWE-20)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Information Exposure(CWE-200)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Path Traversal(CWE-22)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	SQL Injection(CWE-89)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Cybozu, Inc.	Cybozu Garoon
	Cybozu, Inc.	Cybozu Garoon
	Cybozu, Inc.	Cybozu Garoon
	Cybozu, Inc.	Cybozu Garoon
	Cybozu, Inc.	Cybozu Garoon
	Cybozu, Inc.	Cybozu Garoon

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000023.html",
  "dc:date": "2023-11-08T16:39+09:00",
  "dcterms:issued": "2019-04-25T17:13+09:00",
  "dcterms:modified": "2023-11-08T16:39+09:00",
  "description": "Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. \r\n\r\n* Cross-site scripting in the additional processing of Customize Item function (CWE-79) - CVE-2019-5928\r\n* Cross-site scripting in the application \"Memo\" (CWE-79) - CVE-2019-5929\r\n* Browse restriction bypass in the application \"Management of Basic System\" (CWE-264) - CVE-2019-5930\r\n* Improper verification of file path in installer (CWE-20) - CVE-2019-5931\r\n* Stored cross-site scripting in the application \"Portal\" (CWE-79) - CVE-2019-5932\r\n* Browse restriction bypass in the application \"Bulletin\" (CWE-284) - CVE-2019-5933\r\n* SQL injection in the Log Search function of application \"logging\" (CWE-89) - CVE-2019-5934\r\n* Operation restriction bypass in the Item function of User Information (CWE-264) - CVE-2019-5935\r\n* Directory traversal in the application \"Work Flow\" (CWE-22) - CVE-2019-5936\r\n* Cross-site scripting in the user information (CWE-79) - CVE-2019-5937\r\n* Stored cross-site scripting in the application \"Mail\" (CWE-79) - CVE-2019-5938\r\n* Cross-site scripting in the application \"Portal\" (CWE-79) - CVE-2019-5939\r\n* Cross-site scripting in the application \"Scheduler\" (CWE-79) - CVE-2019-5940\r\n* Operation restriction bypass in the application \"Multi Report\" (CWE-264) - CVE-2019-5941\r\n* Browse restriction bypass in the Multiple Files Download function of application \"Cabinet\" (CWE-284) - CVE-2019-5942\r\n* Browse restriction bypass in the application \"Bulletin\" and the application \"Cabinet\" (CWE-284) - CVE-2019-5943\r\n* Operation restriction bypass in the application \"Address\" (CWE-264) - CVE-2019-5944\r\n* Information disclosure in the authentication of Cybozu Garoon (CWE-287) - CVE-2019-5945\r\n* Open redirect in the Login Screen (CWE-601) - CVE-2019-5946\r\n* Cross-site scripting in the application \"Cabinet\" (CWE-79) - CVE-2019-5947\r\n* Server-side request forgery in the V-CUBE Meeting function (CWE-918) - CVE-2020-5562\r\n\r\nCybozu, Inc. reported the following vulnerabilities to JPCERT/CC to notify users of the solution through JVN.\r\n\r\n* CVE-2019-5928, CVE-2019-5930, CVE-2019-5931, CVE-2019-5932, CVE-2019-5935, CVE-2019-5936, CVE-2019-5942 and CVE-2019-5947 by Cybozu, Inc.\r\n* CVE-2019-5929, CVE-2019-5937, CVE-2019-5938, CVE-2019-5939 and CVE-2019-5940 by Masato Kinugawa\r\n* CVE-2019-5933, CVE-2019-5941 and CVE-2019-5946 by Yuji Tounai\r\n* CVE-2019-5934 and CVE-2019-5945 by Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc.\r\n* CVE-2019-5943 by ixama\r\n* CVE-2019-5944 by Tanghaifeng\r\n* CVE-2020-5562 by Kanta Nishitani",
  "link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000023.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:cybozu:garoon",
      "@product": "Cybozu Garoon",
      "@vendor": "Cybozu, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "6.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "6.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2019-000023",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN58849431/index.html",
      "@id": "JVN#58849431",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2020-5562",
      "@id": "CVE-2020-5562",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5928",
      "@id": "CVE-2019-5928",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5929",
      "@id": "CVE-2019-5929",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5930",
      "@id": "CVE-2019-5930",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5931",
      "@id": "CVE-2019-5931",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5932",
      "@id": "CVE-2019-5932",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5933",
      "@id": "CVE-2019-5933",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5934",
      "@id": "CVE-2019-5934",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5935",
      "@id": "CVE-2019-5935",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5936",
      "@id": "CVE-2019-5936",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5937",
      "@id": "CVE-2019-5937",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5938",
      "@id": "CVE-2019-5938",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5939",
      "@id": "CVE-2019-5939",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5940",
      "@id": "CVE-2019-5940",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5941",
      "@id": "CVE-2019-5941",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5942",
      "@id": "CVE-2019-5942",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5943",
      "@id": "CVE-2019-5943",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5944",
      "@id": "CVE-2019-5944",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5945",
      "@id": "CVE-2019-5945",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5946",
      "@id": "CVE-2019-5946",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2019-5947",
      "@id": "CVE-2019-5947",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5928",
      "@id": "CVE-2019-5928",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5929",
      "@id": "CVE-2019-5929",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5930",
      "@id": "CVE-2019-5930",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5931",
      "@id": "CVE-2019-5931",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5932",
      "@id": "CVE-2019-5932",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5933",
      "@id": "CVE-2019-5933",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5934",
      "@id": "CVE-2019-5934",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5935",
      "@id": "CVE-2019-5935",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5936",
      "@id": "CVE-2019-5936",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5937",
      "@id": "CVE-2019-5937",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5938",
      "@id": "CVE-2019-5938",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5939",
      "@id": "CVE-2019-5939",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5940",
      "@id": "CVE-2019-5940",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5941",
      "@id": "CVE-2019-5941",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5942",
      "@id": "CVE-2019-5942",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5943",
      "@id": "CVE-2019-5943",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5944",
      "@id": "CVE-2019-5944",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5945",
      "@id": "CVE-2019-5945",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5946",
      "@id": "CVE-2019-5946",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5947",
      "@id": "CVE-2019-5947",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5562",
      "@id": "CVE-2020-5562",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-20",
      "@title": "Improper Input Validation(CWE-20)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-22",
      "@title": "Path Traversal(CWE-22)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-89",
      "@title": "SQL Injection(CWE-89)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in Cybozu Garoon"
}

gsd-2019-5928

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function.

Aliases

CVE-2019-5928

Aliases

CVE-2019-5928

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-5928",
    "description": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function.",
    "id": "GSD-2019-5928"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-5928"
      ],
      "details": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function.",
      "id": "GSD-2019-5928",
      "modified": "2023-12-13T01:23:54.893814Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2019-5928",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cybozu Garoon",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "4.0.0 to 4.6.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Cybozu, Inc."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Cross-site scripting"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://kb.cybozu.support/article/34279/",
            "refsource": "MISC",
            "url": "https://kb.cybozu.support/article/34279/"
          },
          {
            "name": "http://jvn.jp/en/jp/JVN58849431/index.html",
            "refsource": "MISC",
            "url": "http://jvn.jp/en/jp/JVN58849431/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.6.3",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2019-5928"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.cybozu.support/article/34279/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://kb.cybozu.support/article/34279/"
            },
            {
              "name": "http://jvn.jp/en/jp/JVN58849431/index.html",
              "refsource": "MISC",
              "tags": [
                "Broken Link",
                "Third Party Advisory"
              ],
              "url": "http://jvn.jp/en/jp/JVN58849431/index.html"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN58849431/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/en/jp/JVN58849431/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2019-05-17T18:01Z",
      "publishedDate": "2019-05-17T16:29Z"
    }
  }
}

Action not permitted

CVE-2019-5928

Vulnerability from cvelistv5

ghsa-87wr-fx2p-cj6q

Vulnerability from github

CVE-2019-5928

Vulnerability from jvndb

gsd-2019-5928

Vulnerability from gsd

Tags