CVE-2021-20628
MEDIUMCybozu Office 10.0.0-10.8.4 - Cross-Site Scripting in Address Book
Title source: llmDescription
Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Note that this vulnerability occurs only when using Mozilla Firefox.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://jvn.jp/en/jp/JVN45797538/index.html
Vendor Advisory x_refsource_misc
https://kb.cybozu.support/article/36868/
Scores
CVSS v3
6.1
EPSS
0.0035
EPSS Percentile
57.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
cybozu/office
10.0.0 - 10.8.4
Published
Mar 18, 2021
Tracked Since
Feb 18, 2026