Cybozu Garoon
Moderate fix1 remedy
cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*
Moderate fix1 remedy
- 5.0.0
- 5.0.1
- 5.0.2
- 5.5.0
- 5.5.1
- 5.9.0
- 5.9.1
- 5.9.2
- 5.15.0
- 5.15.1
- 5.15.2
- 6.0.0
- 6.0.1
- 6.0.2
- 6.0.3
Cybozu Garoon Cross-Site Scripting Vulnerability in E-mail Function Allowing Password Resets
Vulnerability
Patched
A cross-site scripting vulnerability has been identified in the E-mail function of Cybozu Garoon versions 5.0.0 to 6.0.3. This vulnerability may allow an attacker to execute arbitrary scripts in the context of the user's web browser, potentially leading to unauthorized password resets for users.
Impact
Exploitation of this vulnerability could allow an attacker to reset passwords for arbitrary users.
Remediation
Users are advised to update to Cybozu Garoon version 6.17.0, which addresses this vulnerability.
Added: Feb 2, 2026, 7:19 AM
Updated: Feb 2, 2026, 7:19 AM
Vulnerability Rating
Custom Algorithm
spread
2.6impact
5.4exploitability
4.0remediation
7.7relevance
2.4threat
0.0urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.