CVE-2014-1995

Cybozu Garoon 2.x and 3.x < 3.7 SP4 - Authenticated Cross-Site Scripting in Map Search

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

References (3)

Core 3
Core References
Vendor Advisory x_refsource_confirm
http://cs.cybozu.co.jp/information/gr20140714up02.php
Vendor Advisory third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000075
Vendor Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN97558950/index.html

Scores

EPSS 0.0021
EPSS Percentile 43.1%

Details

CWE
CWE-79
Status published
Products (25)
cybozu/garoon 2.0.0
cybozu/garoon 2.1.0
cybozu/garoon 2.1.1
cybozu/garoon 2.1.2
cybozu/garoon 2.1.3
cybozu/garoon 2.5.0
cybozu/garoon 2.5.1
cybozu/garoon 2.5.2
cybozu/garoon 2.5.3
cybozu/garoon 2.5.4
... and 15 more
Published Jul 20, 2014
Tracked Since Feb 18, 2026