Cybozu Office Multiple Security Vulnerabilities

Cybozu Office is prone to the following security vulnerabilities.

1. A cross-site scripting vulnerability
2. A security-bypass vulnerability
3. An information-disclosure vulnerability

An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, access or modify data, bypass security restrictions and perform unauthorized actions in the context of the affected application.

Cybozu Office 10.0.0 through 10.5.0 are vulnerable.


Privacy Statement
Copyright 2010, SecurityFocus