Cybozu Office Multiple Security Vulnerabilities

Cybozu Office is prone to the following security vulnerabilities.

1. A cross-site scripting vulnerability
2. A security-bypass vulnerability
3. An information-disclosure vulnerability

An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, access or modify data, bypass security restrictions and perform unauthorized actions in the context of the affected application.

Cybozu Office 10.0.0 through 10.5.0 are vulnerable.


Bugtraq ID: 97717
Class: Input Validation Error
CVE: CVE-2017-2114

Remote: Yes
Local: No
Published: Apr 18 2017 12:00AM
Updated: Apr 18 2017 12:00AM
Credit: Cybozu, and Kazuto Sagamihara.
Vulnerable: Cybozu Office 10.5
Cybozu Office 10.3
Cybozu Office 10.2
Cybozu Office 10.0.1
Cybozu Office 10.4.0
Cybozu Office 10.0.2

Not Vulnerable:

Related Posts