What is the severity of CVE-2013-6902?

CVE-2013-6902 is classified as a medium severity cross-site scripting (XSS) vulnerability.

How do I fix CVE-2013-6902?

To fix CVE-2013-6902, update Cybozu Garoon to version 3.7.0 or later.

What versions of Cybozu Garoon are affected by CVE-2013-6902?

CVE-2013-6902 affects Cybozu Garoon versions prior to 3.7.0, including various service packs of versions 2.0 to 3.5.

Can CVE-2013-6902 be exploited remotely?

Yes, CVE-2013-6902 can be exploited remotely by attackers to inject arbitrary web scripts or HTML.

What impact does CVE-2013-6902 have on the application?

CVE-2013-6902 allows attackers to execute malicious scripts in the context of the affected user's session.

Vulnerability/
CVE-2013-6902

medium

4.3

CWE

5/12/2013

6/8/2024

CVE-2013-6902: XSS

First published: Thu Dec 05 2013(Updated: )

Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Credit: vultures@jpcert.or.jp

Affected Software	Affected Version	How to fix
Cybozu Garoon	<=3.5
Cybozu Garoon	=2.0-sp1
Cybozu Garoon	=2.0-sp2
Cybozu Garoon	=2.0-sp3
Cybozu Garoon	=2.0-sp4
Cybozu Garoon	=2.0-sp5
Cybozu Garoon	=2.0-sp6
Cybozu Garoon	=2.1
Cybozu Garoon	=2.1-sp1
Cybozu Garoon	=2.1-sp2
Cybozu Garoon	=2.1-sp3
Cybozu Garoon	=2.5
Cybozu Garoon	=2.5-sp1
Cybozu Garoon	=2.5-sp2
Cybozu Garoon	=2.5-sp3
Cybozu Garoon	=2.5-sp4
Cybozu Garoon	=3.0
Cybozu Garoon	=3.0-sp1
Cybozu Garoon	=3.0-sp2
Cybozu Garoon	=3.0-sp3
Cybozu Garoon	=3.1
Cybozu Garoon	=3.1-sp1
Cybozu Garoon	=3.1-sp2
Cybozu Garoon	=3.1-sp3
Cybozu Garoon	=3.5
Cybozu Garoon	=3.5-sp1
Cybozu Garoon	=3.5-sp2
Cybozu Garoon	=3.5-sp3
Cybozu Garoon	=3.5-sp4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-6902?
CVE-2013-6902 is classified as a medium severity cross-site scripting (XSS) vulnerability.
How do I fix CVE-2013-6902?
To fix CVE-2013-6902, update Cybozu Garoon to version 3.7.0 or later.
What versions of Cybozu Garoon are affected by CVE-2013-6902?
CVE-2013-6902 affects Cybozu Garoon versions prior to 3.7.0, including various service packs of versions 2.0 to 3.5.
Can CVE-2013-6902 be exploited remotely?
Yes, CVE-2013-6902 can be exploited remotely by attackers to inject arbitrary web scripts or HTML.
What impact does CVE-2013-6902 have on the application?
CVE-2013-6902 allows attackers to execute malicious scripts in the context of the affected user's session.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/author
agent/weakness
agent/first-publish-date
agent/tags
agent/event
agent/description
agent/source
vendor/cybozu
canonical/cybozu garoon
version/cybozu garoon/3.5
version/cybozu garoon/2.0-sp1
version/cybozu garoon/2.0-sp2
version/cybozu garoon/2.0-sp3
version/cybozu garoon/2.0-sp4
version/cybozu garoon/2.0-sp5
version/cybozu garoon/2.0-sp6
version/cybozu garoon/2.1
version/cybozu garoon/2.1-sp1
version/cybozu garoon/2.1-sp2
version/cybozu garoon/2.1-sp3
version/cybozu garoon/2.5
version/cybozu garoon/2.5-sp1
version/cybozu garoon/2.5-sp2
version/cybozu garoon/2.5-sp3
version/cybozu garoon/2.5-sp4
version/cybozu garoon/3.0
version/cybozu garoon/3.0-sp1
version/cybozu garoon/3.0-sp2
version/cybozu garoon/3.0-sp3
version/cybozu garoon/3.1
version/cybozu garoon/3.1-sp1
version/cybozu garoon/3.1-sp2
version/cybozu garoon/3.1-sp3
version/cybozu garoon/3.5-sp1
version/cybozu garoon/3.5-sp2
version/cybozu garoon/3.5-sp3
version/cybozu garoon/3.5-sp4