PT-2018-8916 · Cybozu · Cybozu Mailwise

Masato Kinugawa

Published

2018-06-26

Updated

2018-08-08

CVE-2018-0558

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Cybozu Mailwise versions 5.0.0 through 5.4.1

Description A reflected cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML in the system settings of the affected software via unspecified vectors.

Recommendations For Cybozu Mailwise versions 5.0.0 through 5.4.1, update to a version that contains a fix for this issue, as using earlier versions poses a risk of remote attackers injecting malicious scripts.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-0558

Affected Products

Cybozu Mailwise

PT-2018-8916 · Cybozu · Cybozu Mailwise

CVE-2018-0558

Weakness Enumeration

Related Identifiers

Affected Products

References · 4