CVE-2014-1992: XSS
First published: Sun Jul 20 2014(Updated: )
Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cybozu Garoon | =3.1.0 | |
| Cybozu Garoon | =3.1.1 | |
| Cybozu Garoon | =3.1.2 | |
| Cybozu Garoon | =3.1.3 | |
| Cybozu Garoon | =3.5.0 | |
| Cybozu Garoon | =3.5.1 | |
| Cybozu Garoon | =3.5.2 | |
| Cybozu Garoon | =3.5.3 | |
| Cybozu Garoon | =3.5.4 | |
| Cybozu Garoon | =3.5.5 | |
| Cybozu Garoon | =3.7-sp1 | |
| Cybozu Garoon | =3.7-sp2 | |
| Cybozu Garoon | =3.7-sp3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-1992?
CVE-2014-1992 is classified as a medium severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2014-1992?
To mitigate CVE-2014-1992, users should upgrade to Cybozu Garoon version 3.7 SP4 or later.
What software is affected by CVE-2014-1992?
CVE-2014-1992 affects Cybozu Garoon versions 3.1.x, 3.5.x, and 3.7.x prior to version 3.7 SP4.
What kind of vulnerability is CVE-2014-1992?
CVE-2014-1992 is a cross-site scripting (XSS) vulnerability that allows injection of arbitrary web scripts or HTML.
Who can exploit CVE-2014-1992?
CVE-2014-1992 can be exploited by remote authenticated users of the affected Cybozu Garoon applications.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/first-publish-date
- agent/tags
- agent/description
- agent/event
- agent/source
- vendor/cybozu
- canonical/cybozu garoon
- version/cybozu garoon/3.1.0
- version/cybozu garoon/3.1.1
- version/cybozu garoon/3.1.2
- version/cybozu garoon/3.1.3
- version/cybozu garoon/3.5.0
- version/cybozu garoon/3.5.1
- version/cybozu garoon/3.5.2
- version/cybozu garoon/3.5.3
- version/cybozu garoon/3.5.4
- version/cybozu garoon/3.5.5
- version/cybozu garoon/3.7-sp1
- version/cybozu garoon/3.7-sp2
- version/cybozu garoon/3.7-sp3