Stored Cross-Site Scripting Vulnerability in Cybozu Mailwise Product
CVE-2018-0557

6.1MEDIUM

Key Information:

Vendor

Cybozu
Status
Cybozu Mailwise
Vendor
CVE Published:
26 June 2018

What is CVE-2018-0557?

A stored cross-site scripting vulnerability exists in Cybozu Mailwise versions 5.0.0 through 5.4.1, which allows remote attackers to inject arbitrary web scripts or HTML into the 'E-mail Details Screen' via unspecified vectors. This flaw could lead to unauthorized data manipulation and exploitation of users interacting with affected instances.

Affected Version(s)

Cybozu Mailwise 5.0.0 to 5.4.1

References

http://jvn.jp/en/jp/JVN52319657/index.html
third-party-advisoryx_refsource_JVN
https://support.cybozu.com/ja-jp/article/10194
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.