{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T02:37:53.475","vulnerabilities":[{"cve":{"id":"CVE-2016-4865","sourceIdentifier":"vultures@jpcert.or.jp","published":"2017-04-17T15:59:00.167","lastModified":"2025-04-20T01:37:25.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function."},{"lang":"es","value":"Una vulnerabilidad de tipo cross-site scripting en Cybozu Office versiones 9.0.0 hasta 10.4.0, permite a los atacantes con derechos de administrador inyectar script web o HTML arbitrario por medio de la funciĆ³n Customapp."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cybozu:office:9.0:*:*:*:*:*:*:*","matchCriteriaId":"B029709C-5ED7-4F29-8DA9-AFF9D678429F"},{"vulnerable":true,"criteria":"cpe:2.3:a:cybozu:office:9.1.0:*:*:*:*:*:*:*","matchCriteriaId":"D9AE0F63-8DD1-4F61-B772-E4F64197A73F"},{"vulnerable":true,"criteria":"cpe:2.3:a:cybozu:office:9.2.0:*:*:*:*:*:*:*","matchCriteriaId":"27E1F1BC-4FF8-4438-92C2-5094F18BAB27"},{"vulnerable":true,"criteria":"cpe:2.3:a:cybozu:office:9.2.1:*:*:*:*:*:*:*","matchCriteriaId":"C71A2292-BEEF-4449-992C-B8535E0EF969"},{"vulnerable":true,"criteria":"cpe:2.3:a:cybozu:office:9.3.0:*:*:*:*:*:*:*","matchCriteriaId":"E4B07F75-4F29-4241-9C5A-F723EAFCFC49"},{"vulnerable":true,"criteria":"cpe:2.3:a:cybozu:office:9.3.1:*:*:*:*:*:*:*","matchCriteriaId":"7ADEDCD4-8794-42A3-961A-9CE562BF64CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:cybozu:office:9.3.2:*:*:*:*:*:*:*","matchCriteriaId":"3CF1B981-0417-430F-9BB3-7292D297557E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cybozu:office:9.9.0:*:*:*:*:*:*:*","matchCriteriaId":"59BDE89C-C891-4517-877D-26B5E4D87E0B"},{"vulnerable":true,"criteria":"cpe:2.3:a:cybozu:office:10.0.0:*:*:*:*:*:*:*","matchCriteriaId":"F02CF334-548D-4B9B-8732-A85D97E003C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:cybozu:office:10.0.1:*:*:*:*:*:*:*","matchCriteriaId":"A968E493-5C74-45FB-BA4E-C21D66613480"},{"vulnerable":true,"criteria":"cpe:2.3:a:cybozu:office:10.0.2:*:*:*:*:*:*:*","matchCriteriaId":"89D06E58-28D5-43E9-87CD-9534DF3CA6DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:cybozu:office:10.1.0:*:*:*:*:*:*:*","matchCriteriaId":"A86DD19B-9DD2-412D-B259-9D2677C9CC0B"},{"vulnerable":true,"criteria":"cpe:2.3:a:cybozu:office:10.1.2:*:*:*:*:*:*:*","matchCriteriaId":"1EE0A58F-3DAF-4E88-A7CC-E1FE749EB6A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:cybozu:office:10.2.0:*:*:*:*:*:*:*","matchCriteriaId":"2BF85C6A-952B-4327-98EF-BB72CA6AA5CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*","matchCriteriaId":"664B383F-3C96-406C-B0B9-041F26F1F5A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cybozu:office:10.4.0:*:*:*:*:*:*:*","matchCriteriaId":"BBA465B8-3852-4630-B16C-120F77DB1F8C"}]}]}],"references":[{"url":"http://jvn.jp/en/jp/JVN06726266/index.html","source":"vultures@jpcert.or.jp","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000184.html","source":"vultures@jpcert.or.jp","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/93281","source":"vultures@jpcert.or.jp","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.cybozu.com/ja-jp/article/9430","source":"vultures@jpcert.or.jp","tags":["Vendor Advisory"]},{"url":"http://jvn.jp/en/jp/JVN06726266/index.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000184.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/93281","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.cybozu.com/ja-jp/article/9430","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}