GHSA-wpfv-crpp-p2xq

Опубликовано: 02 фев. 2026

Источник: github

Github: Не прошло ревью

CVSS4: 6.9

CVSS3: 6.5

Описание

Cross-site scripting vulnerability exists in E-mail function of Cybozu Garoon 5.0.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2026-20711
https://jvn.jp/en/jp/JVN35265756
https://kb.cybozu.support/article/39081

EPSS

Процентиль: 2%

0.00012

Низкий

6.9 Medium

CVSS4

6.5 Medium

CVSS3

CVE ID

CVE-2026-20711

Дефекты

CWE-79

Связанные уязвимости

CVE-2026-20711

CVSS3: 6.1

nvd

3 месяца назад

Cross-site scripting vulnerability exists in E-mail function of Cybozu Garoon 5.0.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.

EPSS

Процентиль: 2%

0.00012

Низкий

6.9 Medium

CVSS4

6.5 Medium

CVSS3

CVE ID

CVE-2026-20711

Дефекты

CWE-79