Arbitrary Script Injection Vulnerability in Cybozu Garoon
CVE-2024-31401

Currently unrated

Key Information:

Vendor: Cybozu
Status: Cybozu Garoon
Vendor: CVE Published:; 11 June 2024

What is CVE-2024-31401?

Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product.

Affected Version(s)

Cybozu Garoon 5.0.0 to 5.15.2

References

https://cs.cybozu.co.jp/2024/007901.html

https://jvn.jp/en/jp/JVN28869536/

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 11, 2024
Vulnerability Reserved
Apr 3, 2024

CVE-2024-31401 Data

JSON