Vulnerability Description
Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user’s web browser.
CVSS Score
5.4
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cybozu | Garoon | >= 6.0.0, < 6.0.2 |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/jp/JVN74825766/Third Party Advisory
- https://kb.cybozu.support/?product=garoon&v=&fv=6.0.2&t=%E8%84%86%E5%BC%B1%E6%80Vendor Advisory
- https://jvn.jp/en/jp/JVN74825766/Third Party Advisory
- https://kb.cybozu.support/?product=garoon&v=&fv=6.0.2&t=%E8%84%86%E5%BC%B1%E6%80Vendor Advisory
FAQ
What is CVE-2024-39457?
CVE-2024-39457 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user’s web browser.
How severe is CVE-2024-39457?
CVE-2024-39457 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-39457?
Check the references section above for vendor advisories and patch information. Affected products include: Cybozu Garoon.