VYPR
← All advisories
Unrated severityNVD Advisory· Published Jun 29, 2011· Updated Apr 29, 2026

CVE-2011-1333

CVE-2011-1333

Description

Cross-site scripting (XSS) vulnerability in Cybozu Office 6 and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from the bulletin board system."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cybozu Office 6 and Garoon 2.0.0-2.1.3 are vulnerable to XSS via graphic file downloads, allowing arbitrary script execution.

Vulnerability

Cross-site scripting (XSS) vulnerability exists in Cybozu Office 6 and Cybozu Garoon versions 2.0.0 through 2.1.3. The flaw occurs due to insufficient input sanitization when downloading graphic files from the bulletin board system [1][2].

Exploitation

An attacker can exploit this vulnerability by posting a crafted graphic file to the bulletin board. A victim user must be logged in and download the malicious file, triggering the XSS. No special network position is required beyond access to the bulletin board [1][2].

Impact

Successful exploitation allows arbitrary script execution in the victim's browser within the context of the affected application. This can lead to session hijacking, credential theft, or other malicious actions [1][2].

Mitigation

Update to the latest version provided by Cybozu. Specific fixed versions are not disclosed in the available references, but users should apply the vendor's patch [1][2].

References
  1. Multiple Cybozu products vulnerable to cross-site scripting
  2. JVNDB-2011-000045 - JVN iPedia

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

14
  • Cybozu/Garoon12 versions
    cpe:2.3:a:cybozu:garoon:2.0.0:*:*:*:*:*:*:*+ 11 more
    • cpe:2.3:a:cybozu:garoon:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cybozu:garoon:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cybozu:garoon:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cybozu:garoon:2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:cybozu:garoon:2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:cybozu:garoon:2.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:cybozu:garoon:2.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:cybozu:garoon:2.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cybozu:garoon:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cybozu:garoon:2.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cybozu:garoon:2.1.3:*:*:*:*:*:*:*
    • (no CPE)range: 2.0.0 - 2.1.3
  • Cybozu/Office2 versions
    cpe:2.3:a:cybozu:office:6:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:cybozu:office:6:*:*:*:*:*:*:*
    • (no CPE)range: =6

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

6

News mentions

0

No linked articles in our index yet.