First published: Thu Dec 05 2013(Updated: )
Cross-site scripting (XSS) vulnerability in a search component in Cybozu Garoon before 3.7.2, when Internet Explorer is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Credit: vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
Cybozu Garoon | <=3.7 | |
Cybozu Garoon | =2.0-sp1 | |
Cybozu Garoon | =2.0-sp2 | |
Cybozu Garoon | =2.0-sp3 | |
Cybozu Garoon | =2.0-sp4 | |
Cybozu Garoon | =2.0-sp5 | |
Cybozu Garoon | =2.0-sp6 | |
Cybozu Garoon | =2.1 | |
Cybozu Garoon | =2.1-sp1 | |
Cybozu Garoon | =2.1-sp2 | |
Cybozu Garoon | =2.1-sp3 | |
Cybozu Garoon | =2.5 | |
Cybozu Garoon | =2.5-sp1 | |
Cybozu Garoon | =2.5-sp2 | |
Cybozu Garoon | =2.5-sp3 | |
Cybozu Garoon | =2.5-sp4 | |
Cybozu Garoon | =3.0 | |
Cybozu Garoon | =3.0-sp1 | |
Cybozu Garoon | =3.0-sp2 | |
Cybozu Garoon | =3.0-sp3 | |
Cybozu Garoon | =3.1 | |
Cybozu Garoon | =3.1-sp1 | |
Cybozu Garoon | =3.1-sp2 | |
Cybozu Garoon | =3.1-sp3 | |
Cybozu Garoon | =3.5 | |
Cybozu Garoon | =3.5-sp1 | |
Cybozu Garoon | =3.5-sp2 | |
Cybozu Garoon | =3.5-sp3 | |
Cybozu Garoon | =3.5-sp4 | |
Cybozu Garoon | =3.5-sp5 | |
Cybozu Garoon | =3.7 | |
Internet Explorer |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2013-6913 is classified as a high severity vulnerability due to its potential for remote code execution via cross-site scripting.
To fix CVE-2013-6913, you should upgrade Cybozu Garoon to version 3.7.2 or later.
CVE-2013-6913 affects Cybozu Garoon versions prior to 3.7.2 and certain 2.x versions.
Yes, CVE-2013-6913 specifically affects users of Cybozu Garoon when using Internet Explorer.
No, CVE-2013-6913 can only be exploited by remote authenticated users.