This repository publishes the guidelines that Cybozu uses to identify vulnerabilities when we receive vulnerability reports.
If updated guidelines change the identification criteria, the new criteria apply to reports received after the Japanese version of the guidelines is published.
- Cross Site Request Forgery (CSRF)
- Leakage of Sensitive Information
- Reflected File Download
- Vulnerability In Third-party Products
- Vulnerability In WordPress
- X-Frame-Options:SAMEORIGIN Output Defects
- Content Spoofing
- Cross-Site Scripting (XSS)
- Open Redirect
- Escape Sequence Injection
For other identified vulnerabilities, see the following document:
Vulnerability Information Handling Policy
Detailed identification conditions will be added at a later date.
- CSV Injection
- PDF FormCalc Attack
- Tabnabbing
- Cross Site Port Attack (XSPA)
- Problems Due to Web Browser Resource Shortage
- Denial of Service (DoS) Requiring a Large Amount of Data or Requests
- Vulnerability Subject to Man-In-The-Middle Attack
Copyright (C) Cybozu, Inc