CVE-2011-1335
Cybozu Office 6-8 - Cross-Site Scripting in Address Book and User List Functions
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in Cybozu Office 6, 7, and 8 before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "address book and user list functions."
References (7)
Core 7
Core References
Patch, Vendor Advisory x_refsource_confirm
http://cs.cybozu.co.jp/information/20100816notice05.php
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/44992
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/45050
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/73320
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/48446
Third Party Advisory third-party-advisory
x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000047
Third Party Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN55508059/index.html
Scores
EPSS
0.0052
EPSS Percentile
66.9%
Details
CWE
CWE-79
Status
published
Products (3)
cybozu/office
6
cybozu/office
7
cybozu/office
8
Published
Jun 29, 2011
Tracked Since
Feb 18, 2026