Cybozu Garoon vulnerabilities
198 known vulnerabilities affecting cybozu/garoon.
Total CVEs: 198
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 24, MEDIUM 158, LOW 12
Vulnerabilities
Page 4 of 10
CVE-2017-2258 | P4 | MEDIUM | CVSS 4.3 | CWE-22 | v4.2.4, v4.2.5 | 2017-08-29
Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications".
nvd
CVE-2023-26595 | P4 | MEDIUM | CVSS 6.5 | CWE-400 | ≥ 4.10.0, ≤ 5.9.2 | 2023-05-23
Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition.
nvd
CVE-2024-31399 | P4 | MEDIUM | CVSS 6.5 | CWE-400 | ≥ 5.0.0, ≤ 5.15.2 | 2024-06-11
Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition.
nvd
CVE-2026-20711 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 5.0.0, < 6.0.3 | 2026-02-02
Cross-site scripting vulnerability exists in E-mail function of Cybozu Garoon 5.0.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.
nvd
CVE-2026-22881 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ 5.15.0, < 6.0.3 | 2026-02-02
Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.
nvd
CVE-2014-0817 | P4 | MEDIUM | CVSS 4.9 | CWE-264 | v2.0, v2.0.0, +22 more | 2014-02-27
Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors.
nvd
CVE-2019-5930 | P4 | MEDIUM | CVSS 4.3 | ≥ 4.0.0, ≤ 4.6.3 | 2019-05-17
Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to bypass access restriction to browse unauthorized pages via the application 'Management of Basic System'.
nvd
CVE-2019-5933 | P4 | MEDIUM | CVSS 4.3 | ≥ 4.0.0, ≤ 4.10.0 | 2019-05-17
Cybozu Garoon 4.0.0 to 4.10.0 allows remote authenticated attackers to bypass access restriction to view the Bulletin Board without view privileges via the application 'Bulletin'.
nvd
CVE-2022-27627 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 4.10.2, ≤ 5.5.1 | 2022-07-04
Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser.
nvd
CVE-2017-2144 | P4 | MEDIUM | CVSS 5.4 | v3.0.0, v3.0.1, +23 more | 2017-07-07
Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page.
nvd
CVE-2019-5942 | P4 | MEDIUM | CVSS 4.3 | ≥ 4.0.0, ≤ 4.10.1 | 2019-05-17
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application 'Cabinet'.
nvd
CVE-2019-5941 | P4 | MEDIUM | CVSS 4.3 | ≥ 4.0.0, ≤ 4.10.1 | 2019-05-17
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to alter the Report without access privileges via the application 'Multi Report'.
nvd
CVE-2016-1214 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 4.2.1 | 2017-04-20
Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2.
nvd
CVE-2016-1217 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 4.2.1 | 2017-04-20
Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2.
nvd
CVE-2019-5939 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 4.0.0, ≤ 4.10.1 | 2019-05-17
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Portal'.
nvd
CVE-2019-5940 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 4.0.0, ≤ 4.10.1 | 2019-05-17
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Scheduler'.
nvd
CVE-2016-1197 | P4 | MEDIUM | CVSS 6.1 | v4.0.0, v4.0.1, +3 more | 2016-06-19
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7775.
nvd
CVE-2021-20765 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 4.0.0, ≤ 5.0.2 | 2021-08-18
Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.
nvd
CVE-2021-20771 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 4.0.0, ≤ 5.5.0 | 2021-08-18
Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors.
nvd
CVE-2020-5568 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 4.6.0, ≤ 5.0.0 | 2020-04-28
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 allows remote attackers to inject arbitrary web script or HTML via the applications 'Messages' and 'Bulletin Board'.
nvd