CNNVD-202602-152 Information

CNNVD ID

CNNVD-202602-152

Related CVE

CVE-2026-22881

• CNNVD Published: 2026-02-02

Description (Chinese)

Cybozu Garoon是日本才望子（Cybozu）公司的一套门户型OA办公系统。该系统提供门户、E-mail、书签、日程安排、公告栏、文件管理等功能。 Cybozu Garoon 5.15.0至6.0.3版本存在跨站脚本漏洞，该漏洞源于Message功能存在跨站脚本，可能导致重置任意用户密码。

Description (English)

Cybozu Garoon is a web-based OA office system for the company Cybozu in Japan. The system provides portals, e-mails, bookmarks, scheduling, bulletin boards, document management, etc. Cybozu Garoon 5.15.0 to 6.0.3 has a cross-site script loophole, which stems from the presence of a cross-site script for Message, which could lead to the resetting of any user password.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

才望子

Published

2026-02-02

Last Modified

2026-02-24

References

https://kb.cybozu.support/article/39084/ https://jvn.jp/en/jp/JVN35265756/ https://access.redhat.com/security/cve/cve-2026-22881

Patch

https://www.cybozu.com/jp/products/garoon/