CVE-2026-22881

Sažetak

Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.

Reference

https://jvn.jp/en/jp/JVN35265756/
https://kb.cybozu.support/article/39084/

CVSS

Base:	5.7
Impact:	3.6
Exploitability:	2.1

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	HIGH	NONE

CVSS vektor

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

Zadnje važnije ažuriranje

03-02-2026 - 16:44

Objavljeno

02-02-2026 - 07:16