CVE-2016-1217
Published: 2017-04-20
CVE-2016-1217: Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2.
Priority: P4 · 23 · medium · 6.1 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 1.08% (60.8th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cybozu | garoon | <= 4.2.1 | — |
CVSS provenance
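| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |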
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-2821 Mozilla: Use-after-free deleting tables from a contenteditable document (MFSA 2016-51)
bugzilla · 2016-06-06 · CVSS 7.5 · HIGH
Security researcher firehack used the Address Sanitizer tool to discover a use-after-free in contenteditable mode. This occurs when deleting document object model (DOM) table elements created within the editor and results in a potentially exploitable crash.
External Reference:
https://www.mozilla.org/security/announce/2016/mfsa2016-51.html
Acknowledgements:
Name: the Mozilla project
Upstream: firehack
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Via RHSA-2016:1217 https://access.redhat.com/errata/RHSA-2016:1217
Bugzilla
CVE-2016-2819 Mozilla: Buffer overflow parsing HTML5 fragments (MFSA 2016-50)
bugzilla · 2016-06-06 · CVSS 8.8 · HIGH
Security researcher firehack reported a buffer overflow when parsing HTML5 fragments in a foreign context such as under an node. This results in a potentially exploitable crash when inserting an HTML fragment into an existing document.
External Reference:
https://www.mozilla.org/security/announce/2016/mfsa2016-50.html
Acknowledgements:
Name: the Mozilla project
Upstream: firehack
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Via RHSA-2016:1217 https://access.redhat.com/errata/RHSA-2016:1217
Bugzilla
CVE-2016-2828 Mozilla: Use-after-free when textures are used in WebGL operations after recycle pool destruction (MFSA 2016-56)
bugzilla · 2016-06-06 · CVSS 8.8 · HIGH
Mozilla community member jomo reported a use-after-free crash when processing WebGL content. This issue was caused by the use of a texture after its recycle pool has been destroyed during WebGL operations, which frees the memory associated with the texture. This results in a potentially exploitable crash when the texture is later called.
External Reference:
https://www.mozilla.org/security/announce/2016/mfsa2016-56.html
Acknowledgements:
Name: the Mozilla project
Upstream: jomo
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Via RHSA-2016:1217 https://ac
Bugzilla
CVE-2016-2822 Mozilla: Addressbar spoofing through the SELECT element (MFSA 2016-52)
bugzilla · 2016-06-06 · CVSS 6.5 · MEDIUM
Security researcher Jordi Chancel reported a method to spoof the contents of the addressbar. This uses a persistent menu within a element, which acts as a container for HTML content and can be placed in an arbitrary location. When placed over the addressbar, this can mask the true site URL, allowing for spoofing by a malicious site.
External Reference:
https://www.mozilla.org/security/announce/2016/mfsa2016-52.html
Acknowledgements:
Name: the Mozilla project
Upstream: Jordi Chancel
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Via RHSA-2016:1217 https://access.redhat.com/errata/RHSA-2016:1217
http://jvn.jp/en/jp/JVN67595539/index.html
http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000146.html
http://www.securityfocus.com/bid/92601
https://support.cybozu.com/ja-jp/article/9235