fkie_nvd - fkie_cve-2011-1332

fkie_cve-2011-1332

Vulnerability from fkie_nvd

Published

2011-06-29 17:55

Modified

2025-04-11 00:51

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-6570.

References

URL	Tags
vultures@jpcert.or.jp	http://cybozu.co.jp/products/dl/notice/detail/0023.html	Patch, Vendor Advisory
vultures@jpcert.or.jp	http://jvn.jp/en/jp/JVN59779256/index.html
vultures@jpcert.or.jp	http://jvndb.jvn.jp/jvndb/JVNDB-2011-000044
af854a3a-2127-422b-91ae-364da2661108	http://cybozu.co.jp/products/dl/notice/detail/0023.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN59779256/index.html
af854a3a-2127-422b-91ae-364da2661108	http://jvndb.jvn.jp/jvndb/JVNDB-2011-000044

Impacted products

Vendor	Product	Version
cybozu	garoon	2.0.0
cybozu	garoon	2.0.1
cybozu	garoon	2.0.2
cybozu	garoon	2.0.3
cybozu	garoon	2.0.4
cybozu	garoon	2.0.5
cybozu	garoon	2.0.6
cybozu	garoon	2.1.0
cybozu	garoon	2.1.1
cybozu	garoon	2.1.2
cybozu	garoon	2.1.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cybozu:garoon:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1556F99E-1609-44FF-83F0-F43FBDE738A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:garoon:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "348C389E-ADFD-4D2C-AA54-220664EA2755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:garoon:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "48F3F19B-25A7-4E9E-9961-1F7C8DBC0327",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:garoon:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "08AE0E10-87A4-4862-A873-A943F44A9862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:garoon:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C88D773E-B6DE-4FD2-A911-0D13C6CA902C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:garoon:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C846A750-F26E-4F1F-85A3-F95BCC9F8A3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:garoon:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E139B6A-2F36-4EB5-BA1F-84D67C89E935",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:garoon:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F585001-37C9-42F5-8B13-56827E6AC785",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:garoon:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47FD3F43-9ECA-4815-8BDC-B9DAC07E9400",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:garoon:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F5F2D43-8B67-4D84-94AF-262F6D66F2B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:garoon:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "277403E7-3CD9-458C-9669-FB983FF94568",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-6570."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Cybozu Office v6 y Cybozu Garoon v2.0.0 hasta v2.1.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados. Una vulnerabilidad diferente de CVE-2008-6570."
    }
  ],
  "id": "CVE-2011-1332",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-06-29T17:55:01.720",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://cybozu.co.jp/products/dl/notice/detail/0023.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://jvn.jp/en/jp/JVN59779256/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000044"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://cybozu.co.jp/products/dl/notice/detail/0023.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvn.jp/en/jp/JVN59779256/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000044"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2011-1332 (GCVE-0-2011-1332)

Vulnerability from cvelistv5

Published

2011-06-29 17:00