CVE-2021-20770

Name of the Vulnerable Software and Affected Versions: Cybozu Garoon versions 4.6.0 through 5.0.2

Description: A cross-site scripting issue allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This enables the attacker to potentially execute malicious scripts on the victim's browser, leading to unauthorized actions or data theft. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited.

Recommendations: For Cybozu Garoon versions 4.6.0 through 5.0.2, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.