Home

Description

Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product.

PUBLISHED Reserved 2024-04-03 | Published 2024-06-11 | Updated 2024-08-02 | Assigner jpcert

Problem types

Cross-site scripting (XSS)

Product status

5.0.0 to 5.15.2
affected

References

cs.cybozu.co.jp/2024/007901.html

jvn.jp/en/jp/JVN28869536/

cs.cybozu.co.jp/2024/007901.html

jvn.jp/en/jp/JVN28869536/

cve.org (CVE-2024-31401)

nvd.nist.gov (CVE-2024-31401)

Download JSON