CVE-2013-2305
Cybozu Office < 8.1.6 and 9.x < 9.3.0, Cybozu Dezie < 8.0.7, and Cybozu Mailwise < 5.0.4 - Cross-Site Request Forgery
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0, Cybozu Dezie before 8.0.7, and Cybozu Mailwise before 5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_confirm
http://cs.cybozu.co.jp/information/20130415up10.php
Third Party Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN06251813/index.html
Third Party Advisory x_refsource_confirm
http://jvn.jp/en/jp/JVN06251813/374951/index.html
Third Party Advisory third-party-advisory
x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2013-000034
Scores
EPSS
0.0014
EPSS Percentile
34.0%
Details
CWE
CWE-352
Status
published
Products (18)
cybozu/cybozu_dezie
8.0.0
cybozu/cybozu_dezie
8.0.1
cybozu/cybozu_dezie
8.0.2
cybozu/cybozu_dezie
8.0.3
cybozu/cybozu_dezie
8.0.4
cybozu/cybozu_dezie
8.0.5
cybozu/cybozu_dezie
< 8.0.6
cybozu/cybozu_office
6
cybozu/cybozu_office
7
cybozu/cybozu_office
9
... and 8 more
Published
Apr 25, 2013
Tracked Since
Feb 18, 2026