关键信息 漏洞ID: JVNDB-2016-000083 漏洞类型: Cross-site scripting 受影响产品: - Cybozu, Inc. - Cybozu Garoon 4.0 to 4.2 CVSS 评分: - V3 Severity: 6.1 [Medium] - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Changed - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None - V2 Severity: 2.6 [Low] - Access Vector: Network - Access Complexity: High - Authentication: None - Confidentiality Impact: None - Integrity Impact: Partial - Availability Impact: None 影响: - An arbitrary script may be executed on the logged in user's web browser. 解决方法: - Update to the latest version according to the information provided by the developer. CWE: - Cross-site Scripting (CWE-79) CVE: - CVE-2016-1197 参考资料: - JVN: JVN#37121456 - National Vulnerability Database (NVD): CVE-2016-1197