Vulnerability Details CVE-2016-4866
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.9%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5
References
- http://jvn.jp/en/jp/JVN06726266/index.html
- http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000185.html
- http://www.securityfocus.com/bid/93281
- https://support.cybozu.com/ja-jp/article/9431
- http://jvn.jp/en/jp/JVN06726266/index.html
- http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000185.html
- http://www.securityfocus.com/bid/93281
- https://support.cybozu.com/ja-jp/article/9431
Products affected by CVE-2016-4866
-
cpe:2.3:a:cybozu:office:10.0.0
-
cpe:2.3:a:cybozu:office:10.0.1
-
cpe:2.3:a:cybozu:office:10.0.2
-
cpe:2.3:a:cybozu:office:10.1.0
-
cpe:2.3:a:cybozu:office:10.1.2
-
cpe:2.3:a:cybozu:office:10.2.0
-
cpe:2.3:a:cybozu:office:10.3.0
-
cpe:2.3:a:cybozu:office:10.4.0
-
cpe:2.3:a:cybozu:office:9.0
-
cpe:2.3:a:cybozu:office:9.1.0
-
cpe:2.3:a:cybozu:office:9.2.0
-
cpe:2.3:a:cybozu:office:9.2.1
-
cpe:2.3:a:cybozu:office:9.3.0
-
cpe:2.3:a:cybozu:office:9.3.1
-
cpe:2.3:a:cybozu:office:9.3.2
-
cpe:2.3:a:cybozu:office:9.9.0