jvndb - jvndb-2014-000078

jvndb-2014-000078

Vulnerability from jvndb

Published

2014-07-15 14:47

Modified

2014-07-23 11:01

Severity

() - -

Summary

Cybozu Garoon vulnerable to cross-site scritping

Details

Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Messages", which may result in a cross-site scripting vulnerability (CWE-79).

References

Type	URL
JVN	http://jvn.jp/en/jp/JVN94838679/index.html
CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1992
NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1992
Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor	Product
Cybozu, Inc.	Cybozu Garoon

Show details on JVN DB website

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000078.html",
  "dc:date": "2014-07-23T11:01+09:00",
  "dcterms:issued": "2014-07-15T14:47+09:00",
  "dcterms:modified": "2014-07-23T11:01+09:00",
  "description": "Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function \"Messages\", which may result in a cross-site scripting vulnerability (CWE-79).",
  "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000078.html",
  "sec:cpe": {
    "#text": "cpe:/a:cybozu:garoon",
    "@product": "Cybozu Garoon",
    "@vendor": "Cybozu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "3.5",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2014-000078",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN94838679/index.html",
      "@id": "JVN#94838679",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1992",
      "@id": "CVE-2014-1992",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1992",
      "@id": "CVE-2014-1992",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Cybozu Garoon vulnerable to cross-site scritping"
}

cve-2014-1992

Vulnerability from cvelistv5

Published

2014-07-20 10:00

Modified

2024-08-06 09:58

Severity

Summary

Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

References

URL	Tags
http://cs.cybozu.co.jp/information/gr20140714up05.php	x_refsource_CONFIRM
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000078	third-party-advisory, x_refsource_JVNDB
http://jvn.jp/en/jp/JVN94838679/index.html	third-party-advisory, x_refsource_JVN

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:58:16.143Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cs.cybozu.co.jp/information/gr20140714up05.php"
          },
          {
            "name": "JVNDB-2014-000078",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000078"
          },
          {
            "name": "JVN#94838679",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN94838679/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-07-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-07-20T06:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cs.cybozu.co.jp/information/gr20140714up05.php"
        },
        {
          "name": "JVNDB-2014-000078",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000078"
        },
        {
          "name": "JVN#94838679",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN94838679/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2014-1992",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://cs.cybozu.co.jp/information/gr20140714up05.php",
              "refsource": "CONFIRM",
              "url": "http://cs.cybozu.co.jp/information/gr20140714up05.php"
            },
            {
              "name": "JVNDB-2014-000078",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000078"
            },
            {
              "name": "JVN#94838679",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN94838679/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2014-1992",
    "datePublished": "2014-07-20T10:00:00",
    "dateReserved": "2014-02-17T00:00:00",
    "dateUpdated": "2024-08-06T09:58:16.143Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.