CVE-2017-2114
MEDIUMCybozu Office 10.0.0-10.5.0 - XSS
Title source: llmDescription
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
Scores
CVSS v3
5.4
EPSS
0.0018
EPSS Percentile
39.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Classification
CWE
CWE-79
Status
published
Affected Products (7)
cybozu/office
cybozu/office
cybozu/office
cybozu/office
cybozu/office
cybozu/office
Cybozu, Inc./Cybozu Office
< 10.0.0 to 10.5.0
Timeline
Published
Apr 28, 2017
Tracked Since
Feb 18, 2026