{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20711", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2026-01-27T00:30:57.072Z", "datePublished": "2026-02-02T06:37:05.017Z", "dateUpdated": "2026-02-02T16:28:24.555Z"}, "containers": {"cna": {"affected": [{"vendor": "Cybozu, Inc.", "product": "Cybozu Garoon", "versions": [{"version": "5.0.0 to 6.0.3", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting vulnerability exists in E-mail function of Cybozu Garoon 5.0.0 to 6.0.3, which may allow an attacker to reset arbitrary users\u2019 passwords."}], "problemTypes": [{"descriptions": [{"description": "Cross-site scripting (XSS)", "lang": "en-US", "cweId": "CWE-79", "type": "CWE"}]}], "references": [{"url": "https://kb.cybozu.support/article/39081/"}, {"url": "https://jvn.jp/en/jp/JVN35265756/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseSeverity": "MEDIUM", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-02-02T06:37:05.017Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-02T16:05:10.499383Z", "id": "CVE-2026-20711", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-02T16:28:24.555Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-20711", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-02T16:05:10.499383Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-02T16:05:16.230Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Cybozu, Inc.", "product": "Cybozu Garoon", "versions": [{"status": "affected", "version": "5.0.0 to 6.0.3"}]}], "references": [{"url": "https://kb.cybozu.support/article/39081/"}, {"url": "https://jvn.jp/en/jp/JVN35265756/"}], "descriptions": [{"lang": "en", "value": "Cross-site scripting vulnerability exists in E-mail function of Cybozu Garoon 5.0.0 to 6.0.3, which may allow an attacker to reset arbitrary users\u2019 passwords."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-79", "description": "Cross-site scripting (XSS)"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-02-02T06:37:05.017Z"}}}, "cveMetadata": {"cveId": "CVE-2026-20711", "state": "PUBLISHED", "dateUpdated": "2026-02-02T16:28:24.555Z", "dateReserved": "2026-01-27T00:30:57.072Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2026-02-02T06:37:05.017Z", "assignerShortName": "jpcert"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*", "matchCriteriaId": "562B8A87-363B-4C9D-BB9A-62F2C70AD1C2", "versionEndExcluding": "6.0.3", "versionStartIncluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting vulnerability exists in E-mail function of Cybozu Garoon 5.0.0 to 6.0.3, which may allow an attacker to reset arbitrary users\u2019 passwords."}, {"lang": "es", "value": "Vulnerabilidad de cross-site scripting existe en la funci\u00f3n de correo electr\u00f3nico de Cybozu Garoon 5.0.0 a 6.0.3, lo que puede permitir a un atacante restablecer las contrase\u00f1as de usuarios arbitrarios."}], "id": "CVE-2026-20711", "lastModified": "2026-02-19T15:06:02.143", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "vultures@jpcert.or.jp", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}, "published": "2026-02-02T07:16:45.100", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN35265756/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://kb.cybozu.support/article/39081/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "vultures@jpcert.or.jp", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T14:19:08.624835+00:00", "value": {"mitigation_remediation": ["Apply any vendor\u2011supplied patch or upgrade to a version later than 6.0.3 that resolves the XSS bug", "Configure the email component to sanitize or whitelist HTML content and disallow script tags", "Implement a content\u2011security\u2011policy header for Garoon web pages to restrict script execution", "Audit logging of password\u2011reset requests to detect unauthorized activity"], "summary": {"action": "Patch", "impact": "Password reset via XSS in email function"}, "threat_synthesis": {"affected_systems": "The affected product is Cybozu Garoon, produced by Cybozu, Inc., for all releases between 5.0.0 and 6.0.3 inclusive. These are internal collaboration and project\u2011management platforms used by organizations that host Garoon on their own infrastructure.", "description_and_impact": "Cybozu Garoon versions 5.0.0 through 6.0.3 contain a cross\u2011site scripting flaw in the email handling component that enables an attacker to inject malicious scripts. The injected scripts can trigger password\u2011reset functionality for arbitrary users, effectively allowing an attacker to take over other accounts. The weakness falls under CWE\u201179 and impacts the integrity of user credentials and the availability of legitimate accounts.", "risk_and_exploitability": "The CVSS score of 6.9 indicates moderate severity. The EPSS score of less than 1% signals exceedingly low exploitation probability at the time of this analysis. The vulnerability is not listed in the CISA KEV catalog. While the official attack vector is not stated, it is inferred that an attacker could embed the XSS payload in an email sent through Garoon\u2019s email function, thereby executing the malicious script in the target\u2019s browser when the email is viewed."}}}}, "created": "2026-02-04T12:45:07.619381+00:00", "title": "Cross\u2011Site Scripting in Garoon Email Enables Password Reset for Any User", "updated": "2026-04-18T14:30:02.936836+00:00", "vendors": ["cybozu", "cybozu$PRODUCT$cybozu_garoon", "cybozu$PRODUCT$garoon"]}