CNNVD-202602-153 Information
CNNVD ID
CNNVD-202602-153
Related CVE
- CNNVD Published: 2026-02-02
Description (Chinese)
Cybozu Garoon是日本才望子(Cybozu)公司的一套门户型OA办公系统。该系统提供门户、E-mail、书签、日程安排、公告栏、文件管理等功能。 Cybozu Garoon 6.0.3及之前版本存在跨站脚本漏洞,该漏洞源于电子邮件功能存在跨站脚本漏洞,可能导致重置任意用户密码。
Description (English)
Cybozu Garoon is a web-based OA office system for the company Cybozu in Japan. The system provides portals, e-mails, bookmarks, scheduling, bulletin boards, document management, etc. Cybozu Garoon 6.0.3 and earlier versions had a cross-site script loophole, which stemmed from the existence of a cross-site script gap in the e-mail function, which could lead to the resetting of any user password.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
才望子
Published
2026-02-02
Last Modified
2026-02-24
References
https://kb.cybozu.support/article/39081/ https://jvn.jp/en/jp/JVN35265756/ https://access.redhat.com/security/cve/cve-2026-20711
Patch
https://www.cybozu.com/jp/products/garoon/
Share on: