Published:2008/06/27  Last Updated:2011/06/03

JVN#52363223
Cybozu Garoon vulnerable to arbitrary script execution

Overview

Cybozu Garoon, a groupware from Cybozu, contains a vulnerability that allows an attacker to execute an arbitrary script when a user views RSS feed.

Products Affected

  • Cybozu Garoon version 2.0.0 - 2.1.3

Description

Cybozu Garoon, a groupware from Cybozu, contains a vulnerability that allows an attacker to execute an arbitrary script when a user views RSS feed.

Impact

An arbitrary script could be executed on the user's web browser.

Solution

Update the Software
Apply the latest update provided by the vendor.

Vendor Status

Vendor Status Last Update Vendor Notes
Cybozu, Inc. vulnerable 2011/06/03

References

JPCERT/CC Addendum

The vendor has published information on this problem on April 14 2008.

Vulnerability Analysis by JPCERT/CC

Credit

Yoshiki Kawada of LAC (Little eArth Corporation) reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2008-6570
JVN iPedia JVNDB-2008-000035

Update History

2011/06/03
Cybozu, Inc. update status