CVE-2024-31401

Critical CVSS 9.0

Overview

Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product.

CWE: CWE-79 Published: 2024-06-11T05:15:53.320

Risk analysis

This vulnerability is rated 🔴 CRITICAL.

CVSS: 9.0 (CRITICAL)
Detected tags: xss (tag impact: MODERATE)

Recommended actions:

Apply context-aware output encoding.
Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Overview

Recommended tools

Tags