CVE-2016-1149

Published on: 02/16/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:04 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Certain versions of Office from Cybozu contain the following vulnerability:

Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1150.

  • CVE-2016-1149 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 6.1 - MEDIUM

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK LOW NONE REQUIRED
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
CHANGED LOW LOW NONE

CVSS2 Score: 4.3 - MEDIUM

Access
Vector
Access
Complexity
Authentication
NETWORK MEDIUM NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
NONE PARTIAL NONE

CVE References

Description Tags Link
特定の機能を含んだ画面でXSS脆弱性(2015/12/7) | サイボウズからのお知らせ Vendor Advisory
cs.cybozu.co.jp
text/html
URL Logo CONFIRM cs.cybozu.co.jp/2015/006072.html
特定リクエストのパラメータの改ざんで、任意のスクリプトが実行できる【CyVDB-633】【CyVDB-692】【CyVDB-660】(2015/12/14) | サイボウズからのお知らせ Vendor Advisory
cs.cybozu.co.jp
text/html
URL Logo CONFIRM cs.cybozu.co.jp/2015/006087.html
[Internet Explorerの現象]メールに関するクロスサイトスクリプティングの脆弱性[CyVDB-711](2016/01/18) | サイボウズからのお知らせ Vendor Advisory
cs.cybozu.co.jp
text/html
URL Logo CONFIRM cs.cybozu.co.jp/2016/006109.html
お探し物パーツに関するクロスサイトスクリプティングの脆弱性[CyVDB-1015](2016/01/18) | サイボウズからのお知らせ Vendor Advisory
cs.cybozu.co.jp
text/html
URL Logo CONFIRM cs.cybozu.co.jp/2016/006107.html
JVN#69278491: Cybozu Office vulnerable to cross-site scripting Vendor Advisory
jvn.jp
text/xml
URL Logo JVN JVN#69278491
No Description Provided Vendor Advisory
jvndb.jvn.jp
text/html
URL Logo JVNDB JVNDB-2016-000026

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationCybozuOffice10.0.0AllAllAll
ApplicationCybozuOffice10.0.1AllAllAll
ApplicationCybozuOffice10.0.2AllAllAll
ApplicationCybozuOffice10.1.0AllAllAll
ApplicationCybozuOffice10.1.2AllAllAll
ApplicationCybozuOffice10.2.0AllAllAll
ApplicationCybozuOffice10.3.0AllAllAll
ApplicationCybozuOffice9.0AllAllAll
ApplicationCybozuOffice9.1.0AllAllAll
ApplicationCybozuOffice9.2.0AllAllAll
ApplicationCybozuOffice9.2.1AllAllAll
ApplicationCybozuOffice9.3.0AllAllAll
ApplicationCybozuOffice9.3.1AllAllAll
ApplicationCybozuOffice9.3.2AllAllAll
ApplicationCybozuOffice9.9.0AllAllAll
ApplicationCybozuOffice10.0.0AllAllAll
ApplicationCybozuOffice10.0.1AllAllAll
ApplicationCybozuOffice10.0.2AllAllAll
ApplicationCybozuOffice10.1.0AllAllAll
ApplicationCybozuOffice10.1.2AllAllAll
ApplicationCybozuOffice10.2.0AllAllAll
ApplicationCybozuOffice10.3.0AllAllAll
ApplicationCybozuOffice9.0AllAllAll
ApplicationCybozuOffice9.1.0AllAllAll
ApplicationCybozuOffice9.2.0AllAllAll
ApplicationCybozuOffice9.2.1AllAllAll
ApplicationCybozuOffice9.3.0AllAllAll
ApplicationCybozuOffice9.3.1AllAllAll
ApplicationCybozuOffice9.3.2AllAllAll
ApplicationCybozuOffice9.9.0AllAllAll
  • cpe:2.3:a:cybozu:office:10.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:cybozu:office:10.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:cybozu:office:10.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:cybozu:office:10.1.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:cybozu:office:10.1.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:cybozu:office:10.2.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:cybozu:office:9.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:cybozu:office:9.1.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:cybozu:office:9.2.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:cybozu:office:9.2.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:cybozu:office:9.3.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:cybozu:office:9.3.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:cybozu:office:9.3.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:cybozu:office:9.9.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:cybozu:office:10.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:cybozu:office:10.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:cybozu:office:10.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:cybozu:office:10.1.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:cybozu:office:10.1.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:cybozu:office:10.2.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:cybozu:office:9.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:cybozu:office:9.1.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:cybozu:office:9.2.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:cybozu:office:9.2.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:cybozu:office:9.3.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:cybozu:office:9.3.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:cybozu:office:9.3.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:cybozu:office:9.9.0:*:*:*:*:*:*:*: