{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22881", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2026-01-27T00:34:57.021Z", "datePublished": "2026-02-02T06:37:17.621Z", "dateUpdated": "2026-02-02T16:28:15.355Z"}, "containers": {"cna": {"affected": [{"vendor": "Cybozu, Inc.", "product": "Cybozu Garoon", "versions": [{"version": "5.15.0 to 6.0.3", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users\u2019 passwords."}], "problemTypes": [{"descriptions": [{"description": "Cross-site scripting (XSS)", "lang": "en-US", "cweId": "CWE-79", "type": "CWE"}]}], "references": [{"url": "https://kb.cybozu.support/article/39084/"}, {"url": "https://jvn.jp/en/jp/JVN35265756/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseSeverity": "MEDIUM", "baseScore": 5.7, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 6.8, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-02-02T06:37:17.621Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-02T15:13:50.929520Z", "id": "CVE-2026-22881", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-02T16:28:15.355Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22881", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-02T15:13:50.929520Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-02T15:14:03.353Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 5.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Cybozu, Inc.", "product": "Cybozu Garoon", "versions": [{"status": "affected", "version": "5.15.0 to 6.0.3"}]}], "references": [{"url": "https://kb.cybozu.support/article/39084/"}, {"url": "https://jvn.jp/en/jp/JVN35265756/"}], "descriptions": [{"lang": "en", "value": "Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users\u2019 passwords."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-79", "description": "Cross-site scripting (XSS)"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-02-02T06:37:17.621Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22881", "state": "PUBLISHED", "dateUpdated": "2026-02-02T16:28:15.355Z", "dateReserved": "2026-01-27T00:34:57.021Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2026-02-02T06:37:17.621Z", "assignerShortName": "jpcert"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7B1171A-2A25-4F4C-9B65-7881B8DE761F", "versionEndExcluding": "6.0.3", "versionStartIncluding": "5.15.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users\u2019 passwords."}, {"lang": "es", "value": "Vulnerabilidad de Cross-Site Scripting existe en la funci\u00f3n Mensaje de Cybozu Garoon 5.15.0 a 6.0.3, lo que podr\u00eda permitir a un atacante restablecer las contrase\u00f1as de usuarios arbitrarios."}], "id": "CVE-2026-22881", "lastModified": "2026-02-19T15:00:54.530", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "vultures@jpcert.or.jp", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}, "published": "2026-02-02T07:16:45.337", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN35265756/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://kb.cybozu.support/article/39084/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "vultures@jpcert.or.jp", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T00:43:55.918553+00:00", "value": {"mitigation_remediation": ["Install the Cybozu Garoon security update released in version 6.0.4 (or later) as described in the vendor KB article linked in the references.", "If a patch is not immediately available, apply the input sanitization procedures recommended by Cybozu for the Message function to mitigate the XSS issue.", "Restrict message\u2011posting permissions to trusted users and monitor password\u2011reset logs for suspicious activity to provide early detection of exploitation attempts."], "summary": {"action": "Apply Patch", "impact": "Cross\u2011site scripting that allows an attacker to reset arbitrary user passwords"}, "threat_synthesis": {"affected_systems": "Cybozu, Inc. products Cybozu Garoon versions 5.15.0 to 6.0.3 are affected. Users deploying any of these releases need to verify their version and apply an update if one is available.", "description_and_impact": "A client\u2011side cross\u2011site scripting flaw exists in the Message function of Cybozu Garoon versions 5.15.0 through 6.0.3. The flaw allows an attacker to insert malicious script that triggers a password reset for any user, thereby compromising account integrity and potentially threatening confidentiality if the attacker obtains the new credentials. This vulnerability is categorized as CWE\u201179, an example of insufficient input validation leading to script injection.", "risk_and_exploitability": "With a base CVSS score of 6.8, this vulnerability is considered medium severity. The EPSS score of less than 1% indicates that, at present, the likelihood of exploitation is very low, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The exploit would likely be carried out through a client\u2011side attack vector, requiring the attacker to deliver crafted content to a user with an active session. Verification of an active session or authentication may be necessary to successfully reset passwords. In the absence of a public exploit, the risk remains moderate until a exploit is detected."}}}}, "created": "2026-02-04T12:44:51.876580+00:00", "title": "XSS in Cybozu Garoon Allows Password Reset", "updated": "2026-04-18T00:45:32.246867+00:00", "vendors": ["cybozu", "cybozu$PRODUCT$cybozu_garoon", "cybozu$PRODUCT$garoon"]}