Lucene search

JpcertCVELIST:CVE-2022-29513

HistoryJul 04, 2022 - 6:56 a.m.

CVE-2022-29513

2022-07-0406:56:38

jpcert

www.cve.org

cybozu garoon

cross-site scripting

scheduler

remote attacker

administrative privilege

arbitrary script

AI Score

6.1

Confidence

High

EPSS

0.001

Percentile

29.2%

JSON

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script.

CNA Affected

[
  {
    "product": "Cybozu Garoon",
    "vendor": "Cybozu, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "4.10.0 to 5.5.1"
      }
    ]
  }
]

References

cs.cybozu.co.jp/2022/007429.html

jvn.jp/en/jp/JVN73897863/index.html