PT-2024-24048 · Cybozu · Cybozu Garoon

Bttthuan · Published 2024-06-11 · Updated 2025-08-05 · CVE-2024-31401

CVSS v3.1: 9.0 (Critical)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cybozu Garoon versions 5.0.0 through 5.15.2

Description

A cross-site scripting issue allows a remote authenticated attacker with administrative privileges to inject an arbitrary script into the web browser of a user logging into the product. This can be exploited by injecting malicious scripts, potentially leading to unauthorized actions on behalf of the user.

Recommendations

For Cybozu Garoon versions 5.0.0 through 5.15.2, update to a version that includes a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting administrative access to trusted users only until a patch is available.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-31401

Affected Products

Cybozu Garoon