CVE-2013-6910

Cybozu Garoon < 3.7.0 - Cross-Site Scripting via Ajax Components

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in Ajax components in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (4)

Core 4
Core References
Various Sources x_refsource_misc
http://cs.cybozu.co.jp/information/20131202up01.php
Vendor Advisory x_refsource_confirm
https://support.cybozu.com/ja-jp/article/6434
Third Party Advisory third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113
Third Party Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN23981867/index.html

Scores

EPSS 0.0029
EPSS Percentile 52.0%

Details

CWE
CWE-79
Status published
Products (7)
cybozu/garoon 2.0 sp1 (6 CPE variants)
cybozu/garoon 2.1 (4 CPE variants)
cybozu/garoon 2.5 (5 CPE variants)
cybozu/garoon 3.0 (4 CPE variants)
cybozu/garoon 3.1 (4 CPE variants)
cybozu/garoon 3.5 (5 CPE variants)
cybozu/garoon < 3.5
Published Dec 05, 2013
Tracked Since Feb 18, 2026