PT-2020-18560 · Cybozu · Cybozu Garoon
Published
2020-06-30
·
Updated
2020-07-02
·
CVE-2020-5586
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Cybozu Garoon versions 4.10.3 through 5.0.1
Description
A cross-site scripting issue allows an attacker with administrator rights to inject an arbitrary script via unspecified vectors.
Recommendations
For Cybozu Garoon versions 4.10.3 through 5.0.1, consider restricting access to administrator rights until a fix is available.
As a temporary workaround, consider implementing additional validation and sanitization for user input to minimize the risk of script injection.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cybozu Garoon