CVE-2021-20628: XSS
First published: Thu Mar 18 2021(Updated: )
Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Note that this vulnerability occurs only when using Mozilla Firefox.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cybozu Office | >=10.0.0<=10.8.4 | |
| Mozilla Firefox |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-20628?
CVE-2021-20628 is a cross-site scripting vulnerability in the Address Book of Cybozu Office version 10.0.0 to 10.8.4.
How does CVE-2021-20628 work?
CVE-2021-20628 allows remote attackers to inject an arbitrary script via unspecified vectors when using Mozilla Firefox.
What is the severity of CVE-2021-20628?
CVE-2021-20628 has a severity score of 6.1, which is considered medium.
Which software versions are affected by CVE-2021-20628?
Versions 10.0.0 to 10.8.4 of Cybozu Office are affected by CVE-2021-20628.
How can I fix CVE-2021-20628?
To fix CVE-2021-20628, it is recommended to update Cybozu Office to a version beyond 10.8.4.
- agent/references
- agent/type
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/cybozu
- canonical/cybozu office
- version/cybozu office/10.0.0
- version/cybozu office/10.8.4
- vendor/mozilla
- canonical/mozilla firefox