Cybozu Garoon Session Fixation and Cross Site Scripting Vulnerabilities

Cybozu Garoon Session Fixation and Cross Site Scripting Vulnerabilities

Cybozu Garoon is prone to multiple vulnerabilities, including a session-fixation vulnerability and a cross-site scripting vulnerability.

An attacker may leverage the session-fixation issue to hijack a session of an unsuspecting user. The attacker may exploit the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Cybozu Garoon 2.1.3 and prior versions are vulnerable.