Unrated severityNVD Advisory· Published Jun 29, 2011· Updated Apr 29, 2026

CVE-2011-1335

Description

Cross-site scripting (XSS) vulnerability in Cybozu Office 6, 7, and 8 before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "address book and user list functions."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cybozu Office 6, 7, and before 8.1.1 have a cross-site scripting vulnerability in address book and user list functions.

Vulnerability

Cybozu Office versions 6, 7, and prior to 8.1.1 contain a cross-site scripting (XSS) vulnerability in the address book and user list functions [1][2]. The vulnerability allows remote attackers to inject arbitrary web script or HTML via vectors related to these functions [1][2].

Exploitation

An attacker can exploit this vulnerability by crafting a malicious link or input that, when accessed by a logged-in user, injects and executes arbitrary script in the user's browser. The CVSS v2 score indicates an access vector of Network, low complexity, and single authentication requirement, meaning the attacker does not need to be authenticated but the victim must have an active session [2]. The user interaction is required for the attack to succeed.

Impact

Successful exploitation allows the attacker to execute arbitrary script in the context of the victim's browser session on the Cybozu Office application. This can lead to session hijacking, defacement, or theft of sensitive information displayed or accessible through the application [1][2].

Mitigation

Cybozu has released version 8.1.1 which addresses this vulnerability [1][2]. Users should update to the latest version as provided by the vendor. No workarounds are documented in the available references.

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Cybozu/Office4 versions
cpe:2.3:a:cybozu:office:6:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:cybozu:office:6:*:*:*:*:*:*:*
- cpe:2.3:a:cybozu:office:7:*:*:*:*:*:*:*
- cpe:2.3:a:cybozu:office:8:*:*:*:*:*:*:*
- (no CPE)range: <8.1.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cs.cybozu.co.jp/information/20100816notice05.phpnvdPatchVendor Advisory
secunia.com/advisories/44992nvdVendor Advisory
secunia.com/advisories/45050nvdVendor Advisory
jvn.jp/en/jp/JVN55508059/index.htmlnvd
jvndb.jvn.jp/jvndb/JVNDB-2011-000047nvd
www.osvdb.org/73320nvd
www.securityfocus.com/bid/48446nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000