CVE-2013-6911
Cybozu Garoon < 3.7.2 - Authenticated Cross-Site Scripting in Bulletin-Board Component
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the bulletin-board component in Cybozu Garoon before 3.7.2, when Internet Explorer or Firefox is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References (5)
Core 5
Core References
Various Sources x_refsource_misc
http://cs.cybozu.co.jp/information/20131202up01.php
Patch x_refsource_confirm
https://support.cybozu.com/ja-jp/article/7158
Third Party Advisory third-party-advisory
x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/100561
Third Party Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN23981867/index.html
Scores
EPSS
0.0023
EPSS Percentile
45.9%
Details
CWE
CWE-79
Status
published
Products (8)
cybozu/garoon
2.0 sp1 (6 CPE variants)
cybozu/garoon
2.1 (4 CPE variants)
cybozu/garoon
2.5 (5 CPE variants)
cybozu/garoon
3.0 (4 CPE variants)
cybozu/garoon
3.1 (4 CPE variants)
cybozu/garoon
3.5 (6 CPE variants)
cybozu/garoon
3.7
cybozu/garoon
< 3.7
Published
Dec 05, 2013
Tracked Since
Feb 18, 2026