Cybozu Office Multiple Security Vulnerabilities
Cybozu Office is prone to the following security vulnerabilities.
1. A cross-site scripting vulnerability
2. A security-bypass vulnerability
3. An information-disclosure vulnerability
An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, access or modify data, bypass security restrictions and perform unauthorized actions in the context of the affected application.
Cybozu Office 10.0.0 through 10.5.0 are vulnerable.