github - ghsa-6g4q-mgfw-5mhv

ghsa-6g4q-mgfw-5mhv

Vulnerability from github

Published

2022-05-24 17:44

Modified

2022-05-24 17:44

Details

Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Note that this vulnerability occurs only when using Mozilla Firefox.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-20628"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-18T01:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Note that this vulnerability occurs only when using Mozilla Firefox.",
  "id": "GHSA-6g4q-mgfw-5mhv",
  "modified": "2022-05-24T17:44:43Z",
  "published": "2022-05-24T17:44:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20628"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
    },
    {
      "type": "WEB",
      "url": "https://kb.cybozu.support/article/36868"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2021-20628

Vulnerability from cvelistv5

Published

2021-03-18 00:55

Modified

2024-08-03 17:45

Severity

Summary

Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Note that this vulnerability occurs only when using Mozilla Firefox.

References

URL	Tags
https://jvn.jp/en/jp/JVN45797538/index.html	x_refsource_MISC
https://kb.cybozu.support/article/36868/	x_refsource_MISC

Impacted products

Vendor	Product
Cybozu, Inc.	Cybozu Office

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:45:45.027Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cybozu.support/article/36868/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu Office",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0 to 10.8.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Note that this vulnerability occurs only when using Mozilla Firefox."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-18T00:55:59",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cybozu.support/article/36868/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20628",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0 to 10.8.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Note that this vulnerability occurs only when using Mozilla Firefox."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/jp/JVN45797538/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN45797538/index.html"
            },
            {
              "name": "https://kb.cybozu.support/article/36868/",
              "refsource": "MISC",
              "url": "https://kb.cybozu.support/article/36868/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20628",
    "datePublished": "2021-03-18T00:55:59",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:45:45.027Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.