jvndb - jvndb-2009-000067

jvndb-2009-000067

Vulnerability from jvndb

Published

2009-10-15 15:21

Modified

2009-10-15 15:21

Severity ?

() - -

Summary

Multiple Cybozu products vulnerable to cross-site scripting

Details

Multiple Cybozu products are vulnerable to cross-site scripting. Multiple products (groupware etc.) provided by Cybozu, Inc. contain a cross-site scripting vulnerablility. This vulnerability is different from JVN#50342989, and JVN#90712589. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

▼	Type	URL
	JVN	http://jvn.jp/en/jp/JVN23108985/index.html
	SECUNIA	http://secunia.com/advisories/37011/
	BID	http://www.securityfocus.com/bid/36704
	VUPEN	http://www.vupen.com/english/advisories/2009/2918
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Cybozu, Inc.	Cybozu Dezie
	Cybozu, Inc.	Cybozu Mailwise
	Cybozu, Inc.	Cybozu Office

Show details on JVN DB website

JSON

To clipboard

{
   "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000067.html",
   "dc:date": "2009-10-15T15:21+09:00",
   "dcterms:issued": "2009-10-15T15:21+09:00",
   "dcterms:modified": "2009-10-15T15:21+09:00",
   description: "Multiple Cybozu products are vulnerable to cross-site scripting.\r\n\r\nMultiple products (groupware etc.) provided by Cybozu, Inc. contain a cross-site scripting vulnerablility.\r\n\r\nThis vulnerability is different from JVN#50342989, and JVN#90712589.\r\n\r\nTakeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
   link: "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000067.html",
   "sec:cpe": [
      {
         "#text": "cpe:/a:cybozu:dezie",
         "@product": "Cybozu Dezie",
         "@vendor": "Cybozu, Inc.",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/a:cybozu:mailwise",
         "@product": "Cybozu Mailwise",
         "@vendor": "Cybozu, Inc.",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/a:cybozu:office",
         "@product": "Cybozu Office",
         "@vendor": "Cybozu, Inc.",
         "@version": "2.2",
      },
   ],
   "sec:cvss": {
      "@score": "2.6",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
      "@version": "2.0",
   },
   "sec:identifier": "JVNDB-2009-000067",
   "sec:references": [
      {
         "#text": "http://jvn.jp/en/jp/JVN23108985/index.html",
         "@id": "JVN#23108985",
         "@source": "JVN",
      },
      {
         "#text": "http://secunia.com/advisories/37011/",
         "@id": "SA37011",
         "@source": "SECUNIA",
      },
      {
         "#text": "http://www.securityfocus.com/bid/36704",
         "@id": "36704",
         "@source": "BID",
      },
      {
         "#text": "http://www.vupen.com/english/advisories/2009/2918",
         "@id": "VUPEN/ADV-2009-2918",
         "@source": "VUPEN",
      },
      {
         "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
         "@id": "CWE-79",
         "@title": "Cross-site Scripting(CWE-79)",
      },
   ],
   title: "Multiple Cybozu products vulnerable to cross-site scripting",
}

jvndb-2009-000067

Vulnerability from jvndb

Tags

Sightings

Nomenclature

Action not permitted

jvndb-2009-000067

Vulnerability from jvndb

Tags

Sightings

Nomenclature