Cybozu Garoon Cross-Site Scripting Vulnerability in Message Function Allowing Password Resets

Vulnerability

A cross-site scripting vulnerability has been identified in the Message function of Cybozu Garoon versions 5.15.0 to 6.0.3. This vulnerability could allow an attacker to execute arbitrary scripts in the context of the user's web browser, potentially leading to unauthorized password resets for users.

Impact

Successful exploitation allows malicious scripts to execute in the context of the user's session. This could be used to reset passwords for arbitrary users.

Remediation

Users are advised to update to Cybozu Garoon version 6.17.0, where this vulnerability has been addressed.

Added: Feb 2, 2026, 7:19 AM
Updated: Feb 2, 2026, 7:19 AM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 5.4
exploitability: 4.6
remediation: 7.7
relevance: 2.6
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.