Lucene search

JpcertCVE-2017-2257

HistoryAug 29, 2017 - 1:35 a.m.

CVE-2017-2257

2017-08-2901:35:13

CWE-79

jpcert

web.nvd.nist.gov

cve-2017-2257

cybozu garoon

cross-site scripting

vulnerability

security

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

32.7%

JSON

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function.

Affected configurations

Nvd

Vulners

Node

cybozugaroonMatch3.0.0

cybozugaroonMatch3.0.1

cybozugaroonMatch3.0.2

cybozugaroonMatch3.0.3

cybozugaroonMatch3.1.0

cybozugaroonMatch3.1.1

cybozugaroonMatch3.1.2

cybozugaroonMatch3.1.3

cybozugaroonMatch3.5.0

cybozugaroonMatch3.5.1

cybozugaroonMatch3.5.2

cybozugaroonMatch3.5.3

cybozugaroonMatch3.5.4

cybozugaroonMatch3.5.5

cybozugaroonMatch3.7.0

cybozugaroonMatch3.7.1

cybozugaroonMatch3.7.2

cybozugaroonMatch3.7.3

cybozugaroonMatch3.7.4

cybozugaroonMatch3.7.5

cybozugaroonMatch4.0.1

cybozugaroonMatch4.0.2

cybozugaroonMatch4.0.3

cybozugaroonMatch4.2.0

cybozugaroonMatch4.2.1

cybozugaroonMatch4.2.2

cybozugaroonMatch4.2.3

cybozugaroonMatch4.2.4

cybozugaroonMatch4.2.5

VendorProductVersionCPE
cybozugaroon3.0.0cpe:2.3:a:cybozu:garoon:3.0.0:*:*:*:*:*:*:*
cybozugaroon3.0.1cpe:2.3:a:cybozu:garoon:3.0.1:*:*:*:*:*:*:*
cybozugaroon3.0.2cpe:2.3:a:cybozu:garoon:3.0.2:*:*:*:*:*:*:*
cybozugaroon3.0.3cpe:2.3:a:cybozu:garoon:3.0.3:*:*:*:*:*:*:*
cybozugaroon3.1.0cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*
cybozugaroon3.1.1cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*
cybozugaroon3.1.2cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*
cybozugaroon3.1.3cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*
cybozugaroon3.5.0cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*
cybozugaroon3.5.1cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cybozu	garoon	3.0.0	cpe:2.3:a:cybozu:garoon:3.0.0:::::::*
cybozu	garoon	3.0.1	cpe:2.3:a:cybozu:garoon:3.0.1:::::::*
cybozu	garoon	3.0.2	cpe:2.3:a:cybozu:garoon:3.0.2:::::::*
cybozu	garoon	3.0.3	cpe:2.3:a:cybozu:garoon:3.0.3:::::::*
cybozu	garoon	3.1.0	cpe:2.3:a:cybozu:garoon:3.1.0:::::::*
cybozu	garoon	3.1.1	cpe:2.3:a:cybozu:garoon:3.1.1:::::::*
cybozu	garoon	3.1.2	cpe:2.3:a:cybozu:garoon:3.1.2:::::::*
cybozu	garoon	3.1.3	cpe:2.3:a:cybozu:garoon:3.1.3:::::::*
cybozu	garoon	3.5.0	cpe:2.3:a:cybozu:garoon:3.5.0:::::::*
cybozu	garoon	3.5.1	cpe:2.3:a:cybozu:garoon:3.5.1:::::::*

Rows per page:

1-10 of 291

CNA Affected

[
  {
    "product": "Cybozu Garoon",
    "vendor": "Cybozu, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "3.0.0 to 4.2.5"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN63564682/index.html

support.cybozu.com/ja-jp/article/9765

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

32.7%

JSON

Related for CVE-2017-2257