PT-2021-14089 · Mozilla+1 · Firefox+1
Kanta Nishitani
·
Published
2021-03-18
·
Updated
2021-03-23
·
CVE-2021-20628
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
Cybozu Office versions 10.0.0 through 10.8.4
Description:
A cross-site scripting issue in the Address Book of Cybozu Office allows remote attackers to inject an arbitrary script via unspecified vectors. This issue is specific to when Mozilla Firefox is used.
Recommendations:
For Cybozu Office versions 10.0.0 through 10.8.4, consider disabling the Address Book feature until a patch is available to prevent exploitation. Restrict access to the Address Book to minimize the risk of arbitrary script injection. Avoid using the Address Book with Mozilla Firefox until the issue is resolved.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cybozu Office
Firefox