Cybozu Garoon vulnerabilities
198 known vulnerabilities affecting cybozu/garoon.
Total CVEs
198
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH24MEDIUM158LOW12
Vulnerabilities
Page 10 of 10
CVE-2013-6905P4MEDIUMCVSS 4.3≤ 3.5v2.0+5 more2013-12-05
CVE-2013-6905 [MEDIUM] CWE-79 CVE-2013-6905: Cross-site scripting (XSS) vulnerability in a phone component in Cybozu Garoon before 3.7.0, when In
Cross-site scripting (XSS) vulnerability in a phone component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2013-6908P4MEDIUMCVSS 4.3v3.0v3.1+1 more2013-12-05
CVE-2013-6908 [MEDIUM] CWE-79 CVE-2013-6908: Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 3.x before 3.7.0 allow
Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2013-6904P4MEDIUMCVSS 4.3≤ 3.5v2.0+5 more2013-12-05
CVE-2013-6904 [MEDIUM] CWE-79 CVE-2013-6904: Cross-site scripting (XSS) vulnerability in a note component in Cybozu Garoon before 3.7.0, when Int
Cross-site scripting (XSS) vulnerability in a note component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2013-6907P4MEDIUMCVSS 4.3≤ 3.5v2.0+5 more2013-12-05
CVE-2013-6907 [MEDIUM] CWE-79 CVE-2013-6907: Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 2.x and 3.x before 3.7
Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 2.x and 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2013-6906P4MEDIUMCVSS 4.3≤ 3.5v2.0+5 more2013-12-05
CVE-2013-6906 [MEDIUM] CWE-79 CVE-2013-6906: Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon before 3.7.0, when Int
Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon before 3.7.0, when Internet Explorer 6 through 8 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2013-0702P4MEDIUMCVSS 4.3v2.0.0v2.0.1+11 more2013-02-14
CVE-2013-0702 [MEDIUM] CWE-79 CVE-2013-0702: Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 3.5.3 allows remote attacker
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 3.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2011-1332P4MEDIUMCVSS 4.3v2.0.0v2.0.1+9 more2011-06-29
CVE-2011-1332 [MEDIUM] CVE-2011-1332: Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attacker
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-6570.
nvd
CVE-2018-0532P4LOWCVSS 2.7≥ 3.0.0, ≤ 4.2.62018-04-16
CVE-2018-0532 [LOW] CWE-79 CVE-2018-0532: Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to a
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors.
nvd
CVE-2014-1994P4LOWCVSS 3.5v2.0.0v2.1.0+23 more2014-07-20
CVE-2014-1994 [LOW] CWE-79 CVE-2014-1994: Cross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x before
Cross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2014-1992P4LOWCVSS 3.5v3.1.0v3.1.1+9 more2014-07-20
CVE-2014-1992 [LOW] CWE-79 CVE-2014-1992: Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x
Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2014-1988P4LOWCVSS 3.5v2.0.0v2.1.0+26 more2014-05-02
CVE-2014-1988 [LOW] CVE-2014-1988: The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 allows remote authenticated users
The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 allows remote authenticated users to cause a denial of service (resource consumption) via unspecified vectors.
nvd
CVE-2013-6914P4LOWCVSS 3.5≤ 3.7v2.0+6 more2013-12-05
CVE-2013-6914 [LOW] CWE-79 CVE-2013-6914: Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2 allow
Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2013-6911P4LOWCVSS 3.5≤ 3.7v2.0+6 more2013-12-05
CVE-2013-6911 [LOW] CWE-79 CVE-2013-6911: Cross-site scripting (XSS) vulnerability in the bulletin-board component in Cybozu Garoon before 3.7
Cross-site scripting (XSS) vulnerability in the bulletin-board component in Cybozu Garoon before 3.7.2, when Internet Explorer or Firefox is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2013-6915P4LOWCVSS 3.5≤ 3.7v2.0+6 more2013-12-05
CVE-2013-6915 [LOW] CWE-79 CVE-2013-6915: Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon bef
Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2013-6912P4LOWCVSS 3.5≤ 3.7v2.0+6 more2013-12-05
CVE-2013-6912 [LOW] CWE-79 CVE-2013-6912: Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2, when
Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2, when Internet Explorer 6 through 9 is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2014-1995P4LOWCVSS 3.5v2.0.0v2.1.0+23 more2014-07-20
CVE-2014-1995 [LOW] CWE-79 CVE-2014-1995: Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.
Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2013-6913P4LOWCVSS 3.5≤ 3.7v2.0+6 more2013-12-05
CVE-2013-6913 [LOW] CWE-79 CVE-2013-6913: Cross-site scripting (XSS) vulnerability in a search component in Cybozu Garoon before 3.7.2, when I
Cross-site scripting (XSS) vulnerability in a search component in Cybozu Garoon before 3.7.2, when Internet Explorer is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2021-20761P4LOWCVSS 2.7≥ 4.0.0, ≤ 5.0.22021-08-18
CVE-2021-20761 [LOW] CWE-20 CVE-2021-20761: Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote at
Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege.
nvd
← Previous10 / 10