ГлавнаяУязвимости → CVE-2024-31401
9критическая

CVE-2024-31401

Описание

Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product.

Затрагиваемое ПО
Cybozu Garoon
CVSS
Балл9 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Источники
https://cs.cybozu.co.jp/2024/007901.htmlhttps://jvn.jp/en/jp/JVN28869536/https://cs.cybozu.co.jp/2024/007901.htmlhttps://jvn.jp/en/jp/JVN28869536/