
Ren Hirasawa

#22121 of 53,633
10.4 Total CVSS
Vulnerabilities · 2
Medium · 2
PT-2021-14226
6.1
2021-08-18
Cybozu · Cybozu Garoon · CVE-2021-20771
**Name of the Vulnerable Software and Affected Versions** Cybozu Garoon versions 4.0.0 through 5.5.0

**Description** A cross-site scripting issue in some functions of the E-Mail or Group Mail component allows a remote attacker to inject an arbitrary script via unspecified vectors.

**Recommendations** For Cybozu Garoon versions 4.0.0 through 5.5.0, update to a version that includes a fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2013-4546
4.3
2013-06-29
Lockon · Ec-Cube · CVE-2013-3653
**Name of the Vulnerable Software and Affected Versions** LOCKON EC-CUBE versions prior to 2.12.5

**Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the RecommendSearch feature of the management screen. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via vectors involving the `rank` parameter.

**Recommendations** For versions prior to 2.12.5, update to version 2.12.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the RecommendSearch feature in the management screen until the update is applied. Avoid using the `rank` parameter in the affected feature until the issue is resolved.