Skip to main content

Garoon CVE-2013-6916

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2013-12-05 vultures@jpcert.or.jp
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 05, 2013 - 12:55 cve.org
MEDIUM 4.3

DescriptionCVE.org

Cross-site scripting (XSS) vulnerability in the Yahoo! User Interface Library in Cybozu Garoon before 3.7.2, when Internet Explorer 9 or 10 or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

AnalysisAI

Cross-site scripting (XSS) vulnerability in the Yahoo!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in the Yahoo! User Interface Library in Cybozu Garoon before 3.7.2, when Internet Explorer 9 or 10 or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Affected products include: Cybozu Garoon. Version information: before 3.7.2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

More in Garoon

View all
CVE-2014-1987 CRITICAL
10.0 Jul 20

The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote attackers to execute arbitrary commands via unspe

CVE-2016-1219 CRITICAL
9.8 Apr 20

Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use. Rated

CVE-2019-5945 CRITICAL
9.8 May 17

Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the users' credential information via the authentication

CVE-2016-7803 HIGH
8.8 Jun 09

SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitra

CVE-2024-31401 CRITICAL
9.0 Jun 11

Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an admin

CVE-2016-1218 HIGH
8.8 Apr 20

SQL injection vulnerability in Cybozu Garoon before 4.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotel

CVE-2016-4907 HIGH
8.8 Jun 09

Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors. Rated high severity (

CVE-2018-0607 HIGH
8.8 Jul 26

SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authentic

CVE-2018-0530 HIGH
8.8 Apr 16

SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitra

CVE-2019-5931 HIGH
8.7 May 17

Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter the information with privileges invoking the instal

CVE-2015-5646 HIGH
8.5 Oct 12

Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code vi

CVE-2015-5647 HIGH
8.5 Oct 12

The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to e

Share

CVE-2013-6916 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy