CVE-2026-20711

Sažetak

Cross-site scripting vulnerability exists in E-mail function of Cybozu Garoon 5.0.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.

Reference

https://jvn.jp/en/jp/JVN35265756/
https://kb.cybozu.support/article/39081/

CVSS

Base:	6.5
Impact:	3.6
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	HIGH	NONE

CVSS vektor

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Zadnje važnije ažuriranje

03-02-2026 - 16:44

Objavljeno

02-02-2026 - 07:16