cbcvebase.

Cybozu Garoon vulnerabilities

198 known vulnerabilities affecting cybozu/garoon.

Total CVEs
198
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH24MEDIUM158LOW12

Vulnerabilities

Page 6 of 10
CVE-2023-27384P4MEDIUMCVSS 4.3v5.15.02023-05-23
CVE-2023-27384 [MEDIUM] CWE-863 CVE-2023-27384: Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote au Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport.
nvd
CVE-2016-4906P4MEDIUMCVSS 6.1v3.0.0v3.0.1+25 more2017-06-09
CVE-2016-4906 [MEDIUM] CWE-79 CVE-2016-4906: Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai.
nvd
CVE-2016-1216P4MEDIUMCVSS 6.1≤ 4.2.12017-04-20
CVE-2016-1216 [MEDIUM] CWE-79 CVE-2016-1216: Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4 Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2.
nvd
CVE-2019-5928P4MEDIUMCVSS 6.1≥ 4.0.0, ≤ 4.6.32019-05-17
CVE-2019-5928 [MEDIUM] CWE-79 CVE-2019-5928: Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function.
nvd
CVE-2019-5929P4MEDIUMCVSS 6.1≥ 4.0.0, ≤ 4.6.32019-05-17
CVE-2019-5929 [MEDIUM] CWE-79 CVE-2019-5929: Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the application 'Memo'.
nvd
CVE-2019-5938P4MEDIUMCVSS 6.1≥ 4.0.0, ≤ 4.10.12019-05-17
CVE-2019-5938 [MEDIUM] CWE-79 CVE-2019-5938: Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to injec Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Mail'.
nvd
CVE-2020-5564P4MEDIUMCVSS 6.1≥ 4.0.0, ≤ 4.10.32020-04-28
CVE-2020-5564 [MEDIUM] CWE-79 CVE-2020-5564: Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to injec Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the application 'E-mail'.
nvd
CVE-2017-2257P4MEDIUMCVSS 6.1v3.0.0v3.0.1+27 more2017-08-29
CVE-2017-2257 [MEDIUM] CWE-79 CVE-2017-2257: Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbi Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function.
nvd
CVE-2019-5937P4MEDIUMCVSS 5.4≥ 4.0.0, ≤ 4.10.12019-05-17
CVE-2019-5937 [MEDIUM] CWE-79 CVE-2019-5937: Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated atta Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the user information.
nvd
CVE-2019-5975P4MEDIUMCVSS 5.4≥ 4.6.0, ≤ 4.10.22019-09-12
CVE-2019-5975 [MEDIUM] CWE-79 CVE-2019-5975: DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 allows remote authenti DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2015-7775P4MEDIUMCVSS 5.4v4.0.32016-06-19
CVE-2015-7775 [MEDIUM] CWE-79 CVE-2015-7775: Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-1197.
nvd
CVE-2021-20753P4MEDIUMCVSS 5.4≥ 4.0.0, ≤ 5.0.22021-08-18
CVE-2021-20753 [MEDIUM] CWE-79 CVE-2021-20753: Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote auth Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
nvd
CVE-2021-20770P4MEDIUMCVSS 5.4≥ 4.6.0, ≤ 5.0.22021-08-18
CVE-2021-20770 [MEDIUM] CWE-79 CVE-2021-20770: Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authen Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
nvd
CVE-2021-20769P4MEDIUMCVSS 5.4≥ 4.6.0, ≤ 5.0.22021-08-18
CVE-2021-20769 [MEDIUM] CWE-79 CVE-2021-20769: Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authe Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
nvd
CVE-2021-20774P4MEDIUMCVSS 5.4≥ 4.0.0, ≤ 5.5.02021-08-18
CVE-2021-20774 [MEDIUM] CWE-79 CVE-2021-20774: Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0 allow Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
nvd
CVE-2016-7801P4MEDIUMCVSS 4.3v3.0.0v3.0.1+25 more2017-06-09
CVE-2016-7801 [MEDIUM] CWE-284 CVE-2016-7801: Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other u Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors.
nvd
CVE-2021-20763P4MEDIUMCVSS 4.3≥ 4.0.0, ≤ 5.0.22021-08-18
CVE-2021-20763 [MEDIUM] CVE-2021-20763: Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a rem Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the appropriate privilege.
nvd
CVE-2021-20756P4MEDIUMCVSS 4.3≥ 4.0.0, ≤ 5.0.22021-08-18
CVE-2021-20756 [MEDIUM] CVE-2021-20756: Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Address without the viewing privilege.
nvd
CVE-2021-20755P4MEDIUMCVSS 4.3≥ 4.0.0, ≤ 5.0.22021-08-18
CVE-2021-20755 [MEDIUM] CVE-2021-20755: Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the viewing privilege.
nvd
CVE-2020-5582P4MEDIUMCVSS 4.3≥ 4.0.0, ≤ 5.0.12020-06-30
CVE-2020-5582 [MEDIUM] CVE-2020-5582: Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to a Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to alter the data for the file attached to Report via unspecified vectors.
nvd
Cybozu Garoon vulnerabilities | cvebase