CVE-2011-1335

Cybozu Office <8.1.1 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in Cybozu Office 6, 7, and 8 before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "address book and user list functions."

References (7)

[Patch, Vendor Advisory] http://cs.cybozu.co.jp/information/20100816notice05.php

[Vendor Advisory] http://secunia.com/advisories/44992

[Vendor Advisory] http://secunia.com/advisories/45050

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/48446

[Third Party Advisory, VDB Entry] http://www.osvdb.org/73320

[Third Party Advisory] http://jvndb.jvn.jp/jvndb/JVNDB-2011-000047

[Third Party Advisory] http://jvn.jp/en/jp/JVN55508059/index.html

Scores

EPSS 0.0052

EPSS Percentile 66.4%

Classification

CWE

CWE-79

Status published

Affected Products (4)

cybozu/office

n/a/n/a

Timeline

Published Jun 29, 2011

Tracked Since Feb 18, 2026