VYPR
← All advisories
Unrated severityNVD Advisory· Published Jun 29, 2011· Updated Apr 29, 2026

CVE-2011-1332

CVE-2011-1332

Description

Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-6570.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cybozu Garoon 2.0.0 through 2.1.3 contains a cross-site scripting vulnerability allowing remote attackers to inject arbitrary script into logged-in users' browsers.

Vulnerability

Cybozu Garoon versions 2.0.0 through 2.1.3 are vulnerable to a cross-site scripting (XSS) issue. The vulnerability resides in unspecified vectors within the groupware application and allows injection of arbitrary web script or HTML. [1][2]

Exploitation

An attacker can exploit this vulnerability by sending a crafted link or input to a logged-in user. The user must interact with the malicious content (e.g., by clicking a link) for the script to execute. The CVSS v2 score (2.6, Low) indicates high access complexity, suggesting that successful exploitation requires some user interaction. [1][2]

Impact

If exploited, arbitrary script may be executed in the context of the victim's browser session. This can lead to theft of session cookies, defacement, or other actions performed on behalf of the authenticated user. Confidentiality of the user's data may be partially compromised. [1][2]

Mitigation

The vendor, Cybozu, recommends updating to the latest version of Garoon. The fixed version was released prior to the public disclosure on 2011-06-24. No workarounds are documented. Users should apply the update according to vendor instructions. [1][2]

References
  1. Cybozu Garoon vulnerable to cross-site scripting
  2. JVNDB-2011-000044 - JVN iPedia

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

12
  • Cybozu/Garoon12 versions
    cpe:2.3:a:cybozu:garoon:2.0.0:*:*:*:*:*:*:*+ 11 more
    • cpe:2.3:a:cybozu:garoon:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cybozu:garoon:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cybozu:garoon:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cybozu:garoon:2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:cybozu:garoon:2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:cybozu:garoon:2.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:cybozu:garoon:2.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:cybozu:garoon:2.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cybozu:garoon:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cybozu:garoon:2.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cybozu:garoon:2.1.3:*:*:*:*:*:*:*
    • (no CPE)range: >=2.0.0, <=2.1.3

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.