CVE-2014-1992

Cybozu Garoon 3.1.x-3.7.x - Authenticated Cross-Site Scripting in Messages

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

References (3)

Core 3
Core References
Vendor Advisory x_refsource_confirm
http://cs.cybozu.co.jp/information/gr20140714up05.php
Vendor Advisory third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000078
Vendor Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN94838679/index.html

Scores

EPSS 0.0021
EPSS Percentile 43.1%

Details

CWE
CWE-79
Status published
Products (11)
cybozu/garoon 3.1.0
cybozu/garoon 3.1.1
cybozu/garoon 3.1.2
cybozu/garoon 3.1.3
cybozu/garoon 3.5.0
cybozu/garoon 3.5.1
cybozu/garoon 3.5.2
cybozu/garoon 3.5.3
cybozu/garoon 3.5.4
cybozu/garoon 3.5.5
... and 1 more
Published Jul 20, 2014
Tracked Since Feb 18, 2026