Yoichi Tsuzuki

**Name of the Vulnerable Software and Affected Versions** Group Office versions prior to 6.6.182 Group Office versions prior to 6.7.64 Group Office versions prior to 6.8.31 **Description** A cross-site scripting issue exists, which may allow a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product. **Recommendations** For versions prior to 6.6.182, update to version 6.6.182 or later. For versions prior to 6.7.64, update to version 6.7.64 or later. For versions prior to 6.8.31, update to version 6.8.31 or later.

**Name of the Vulnerable Software and Affected Versions** Pleasanter versions 1.3.47.0 and earlier **Description** The issue allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. This can be achieved by exploiting an open redirect vulnerability. **Recommendations** For Pleasanter versions 1.3.47.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.