CVE-2018-0558: XSS
First published: Tue Jun 26 2018(Updated: )
Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'System settings' via unspecified vectors.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cybozu Mailwise | >=5.0.0<=5.4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-0558?
The severity of CVE-2018-0558 is medium, with a severity value of 6.1.
How does CVE-2018-0558 affect Cybozu Mailwise?
CVE-2018-0558 affects Cybozu Mailwise versions 5.0.0 to 5.4.1, allowing remote attackers to inject arbitrary web script or HTML in 'System settings'.
How can remote attackers exploit CVE-2018-0558?
Remote attackers can exploit CVE-2018-0558 by injecting arbitrary web script or HTML in 'System settings' of Cybozu Mailwise.
Is there a fix for CVE-2018-0558?
Yes, a fix for CVE-2018-0558 may be available. Please refer to the official Cybozu Mailwise support page (link provided) for more information.
Where can I find more information about CVE-2018-0558?
You can find more information about CVE-2018-0558 on the official Cybozu Mailwise support page (link provided) or the JVN website (link provided).
- collector/nvd-index
- vendor/cybozu
- canonical/cybozu mailwise
- version/cybozu mailwise/5.0.0
- version/cybozu mailwise/5.4.1