What is the severity of CVE-2013-6909?

CVE-2013-6909 is classified as a moderate severity vulnerability due to its potential for cross-site scripting attacks.

How do I fix CVE-2013-6909?

To fix CVE-2013-6909, it is recommended to upgrade to Cybozu Garoon version 3.7.0 or later.

What types of attacks can be carried out due to CVE-2013-6909?

Attackers exploiting CVE-2013-6909 can execute arbitrary web scripts or HTML content in the context of the user's session.

Which versions of Cybozu Garoon are affected by CVE-2013-6909?

CVE-2013-6909 affects Cybozu Garoon versions prior to 3.7.0, including versions 2.0 through 3.5.

Is there a workaround for CVE-2013-6909 if immediate upgrades are not possible?

While immediate upgrades are the best solution for CVE-2013-6909, a temporary mitigation may involve limiting access to vulnerable report components until the upgrade can be performed.

Vulnerability/
CVE-2013-6909

medium

4.3

CWE

5/12/2013

6/8/2024

CVE-2013-6909: XSS

First published: Thu Dec 05 2013(Updated: )

Cross-site scripting (XSS) vulnerability in a report component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Credit: vultures@jpcert.or.jp

Affected Software	Affected Version	How to fix
Cybozu Garoon	<=3.5
Cybozu Garoon	=2.0-sp1
Cybozu Garoon	=2.0-sp2
Cybozu Garoon	=2.0-sp3
Cybozu Garoon	=2.0-sp4
Cybozu Garoon	=2.0-sp5
Cybozu Garoon	=2.0-sp6
Cybozu Garoon	=2.1
Cybozu Garoon	=2.1-sp1
Cybozu Garoon	=2.1-sp2
Cybozu Garoon	=2.1-sp3
Cybozu Garoon	=2.5
Cybozu Garoon	=2.5-sp1
Cybozu Garoon	=2.5-sp2
Cybozu Garoon	=2.5-sp3
Cybozu Garoon	=2.5-sp4
Cybozu Garoon	=3.0
Cybozu Garoon	=3.0-sp1
Cybozu Garoon	=3.0-sp2
Cybozu Garoon	=3.0-sp3
Cybozu Garoon	=3.1
Cybozu Garoon	=3.1-sp1
Cybozu Garoon	=3.1-sp2
Cybozu Garoon	=3.1-sp3
Cybozu Garoon	=3.5
Cybozu Garoon	=3.5-sp1
Cybozu Garoon	=3.5-sp2
Cybozu Garoon	=3.5-sp3
Cybozu Garoon	=3.5-sp4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-6909?
CVE-2013-6909 is classified as a moderate severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2013-6909?
To fix CVE-2013-6909, it is recommended to upgrade to Cybozu Garoon version 3.7.0 or later.
What types of attacks can be carried out due to CVE-2013-6909?
Attackers exploiting CVE-2013-6909 can execute arbitrary web scripts or HTML content in the context of the user's session.
Which versions of Cybozu Garoon are affected by CVE-2013-6909?
CVE-2013-6909 affects Cybozu Garoon versions prior to 3.7.0, including versions 2.0 through 3.5.
Is there a workaround for CVE-2013-6909 if immediate upgrades are not possible?
While immediate upgrades are the best solution for CVE-2013-6909, a temporary mitigation may involve limiting access to vulnerable report components until the upgrade can be performed.

collector/nvd-index
agent/type
agent/references
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/author
agent/weakness
agent/first-publish-date
agent/tags
agent/event
agent/description
agent/source
vendor/cybozu
canonical/cybozu garoon
version/cybozu garoon/3.5
version/cybozu garoon/2.0-sp1
version/cybozu garoon/2.0-sp2
version/cybozu garoon/2.0-sp3
version/cybozu garoon/2.0-sp4
version/cybozu garoon/2.0-sp5
version/cybozu garoon/2.0-sp6
version/cybozu garoon/2.1
version/cybozu garoon/2.1-sp1
version/cybozu garoon/2.1-sp2
version/cybozu garoon/2.1-sp3
version/cybozu garoon/2.5
version/cybozu garoon/2.5-sp1
version/cybozu garoon/2.5-sp2
version/cybozu garoon/2.5-sp3
version/cybozu garoon/2.5-sp4
version/cybozu garoon/3.0
version/cybozu garoon/3.0-sp1
version/cybozu garoon/3.0-sp2
version/cybozu garoon/3.0-sp3
version/cybozu garoon/3.1
version/cybozu garoon/3.1-sp1
version/cybozu garoon/3.1-sp2
version/cybozu garoon/3.1-sp3
version/cybozu garoon/3.5-sp1
version/cybozu garoon/3.5-sp2
version/cybozu garoon/3.5-sp3
version/cybozu garoon/3.5-sp4

Frequently Asked Questions

What is the severity of CVE-2013-6909?
CVE-2013-6909 is classified as a moderate severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2013-6909?
To fix CVE-2013-6909, it is recommended to upgrade to Cybozu Garoon version 3.7.0 or later.
What types of attacks can be carried out due to CVE-2013-6909?
Attackers exploiting CVE-2013-6909 can execute arbitrary web scripts or HTML content in the context of the user's session.
Which versions of Cybozu Garoon are affected by CVE-2013-6909?
CVE-2013-6909 affects Cybozu Garoon versions prior to 3.7.0, including versions 2.0 through 3.5.
Is there a workaround for CVE-2013-6909 if immediate upgrades are not possible?
While immediate upgrades are the best solution for CVE-2013-6909, a temporary mitigation may involve limiting access to vulnerable report components until the upgrade can be performed.

CVE-2013-6909: XSS

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-6909?

How do I fix CVE-2013-6909?

What types of attacks can be carried out due to CVE-2013-6909?

Which versions of Cybozu Garoon are affected by CVE-2013-6909?

Is there a workaround for CVE-2013-6909 if immediate upgrades are not possible?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2013-6909?

How do I fix CVE-2013-6909?

What types of attacks can be carried out due to CVE-2013-6909?

Which versions of Cybozu Garoon are affected by CVE-2013-6909?

Is there a workaround for CVE-2013-6909 if immediate upgrades are not possible?