CVE-2014-1994

Cybozu Garoon 2.x-3.x < 3.7 SP4 - Authenticated Cross-Site Scripting in Notices Portlet

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

References (3)

Core 3
Core References
Vendor Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN80583739/index.html
Vendor Advisory x_refsource_confirm
http://cs.cybozu.co.jp/information/gr20140714up04.php
Vendor Advisory third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000076

Scores

EPSS 0.0021
EPSS Percentile 43.1%

Details

CWE
CWE-79
Status published
Products (25)
cybozu/garoon 2.0.0
cybozu/garoon 2.1.0
cybozu/garoon 2.1.1
cybozu/garoon 2.1.2
cybozu/garoon 2.1.3
cybozu/garoon 2.5.0
cybozu/garoon 2.5.1
cybozu/garoon 2.5.2
cybozu/garoon 2.5.3
cybozu/garoon 2.5.4
... and 15 more
Published Jul 20, 2014
Tracked Since Feb 18, 2026