Cybozu Garoon vulnerabilities
198 known vulnerabilities affecting cybozu/garoon.
Total CVEs
198
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH24MEDIUM158LOW12
Vulnerabilities
Page 7 of 10
CVE-2022-29471P4MEDIUMCVSS 4.3≥ 4.6.0, ≤ 5.9.02022-07-04
CVE-2022-29471 [MEDIUM] CVE-2022-29471: Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated a
Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin.
nvd
CVE-2022-30943P4MEDIUMCVSS 4.3≥ 4.0.0, ≤ 5.9.12022-07-11
CVE-2022-30943 [MEDIUM] CVE-2022-30943: Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remot
Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin.
nvd
CVE-2022-28718P4MEDIUMCVSS 4.3≥ 4.0.0, ≤ 5.5.12022-07-04
CVE-2022-28718 [MEDIUM] CVE-2022-28718: Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remot
Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin.
nvd
CVE-2022-26054P4MEDIUMCVSS 4.3≥ 4.0.0, ≤ 5.5.12022-07-04
CVE-2022-26054 [MEDIUM] CVE-2022-26054: Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote a
Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link.
nvd
CVE-2022-26051P4MEDIUMCVSS 4.3≥ 4.0.0, ≤ 5.5.12022-07-04
CVE-2022-26051 [MEDIUM] CVE-2022-26051: Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote
Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal.
nvd
CVE-2022-31472P4MEDIUMCVSS 4.3≥ 4.0.0, ≤ 5.5.12022-07-11
CVE-2022-31472 [MEDIUM] CVE-2022-31472: Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote a
Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet.
nvd
CVE-2022-28692P4MEDIUMCVSS 4.3≥ 4.0.0, ≤ 5.5.12022-07-04
CVE-2022-28692 [MEDIUM] CWE-20 CVE-2022-28692: Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote
Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler.
nvd
CVE-2024-31402P4MEDIUMCVSS 4.3≥ 5.0.0, ≤ 5.15.22024-06-11
CVE-2024-31402 [MEDIUM] CWE-863 CVE-2024-31402: Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos.
nvd
CVE-2016-1215P4MEDIUMCVSS 6.1≤ 4.2.12017-04-20
CVE-2016-1215 [MEDIUM] CWE-79 CVE-2016-1215: Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.
Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2.
nvd
CVE-2017-2092P4MEDIUMCVSS 5.4v3.0.0v3.0.1+26 more2017-04-28
CVE-2017-2092 [MEDIUM] CWE-79 CVE-2017-2092: Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attac
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2019-5947P4MEDIUMCVSS 5.4≥ 4.6.0, ≤ 4.10.12019-05-17
CVE-2019-5947 [MEDIUM] CWE-79 CVE-2019-5947: Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 allows remote authenticated atta
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Cabinet'.
nvd
CVE-2018-0551P4MEDIUMCVSS 5.4≥ 3.0.0, ≤ 4.6.12018-04-16
CVE-2018-0551 [MEDIUM] CWE-79 CVE-2018-0551: Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 allows remote authenticated attac
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2018-0549P4MEDIUMCVSS 5.4≥ 3.0.0, ≤ 4.6.02018-04-16
CVE-2018-0549 [MEDIUM] CWE-79 CVE-2018-0549: Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.0 allows remote authenticated attac
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2017-2256P4MEDIUMCVSS 5.4v3.0.0v3.0.1+27 more2017-08-29
CVE-2017-2256 [MEDIUM] CWE-79 CVE-2017-2256: Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbi
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Memo".
nvd
CVE-2017-2255P4MEDIUMCVSS 5.4v3.7.0v3.7.1+13 more2017-08-29
CVE-2017-2255 [MEDIUM] CWE-79 CVE-2017-2255: Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbi
Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Space".
nvd
CVE-2021-20754P4MEDIUMCVSS 4.3≥ 4.0.0, ≤ 5.0.22021-08-18
CVE-2021-20754 [MEDIUM] CWE-20 CVE-2021-20754: Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote
Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Workflow without the appropriate privilege.
nvd
CVE-2020-5565P4MEDIUMCVSS 4.3≥ 4.0.0, ≤ 4.10.32020-04-28
CVE-2020-5565 [MEDIUM] CWE-20 CVE-2020-5565: Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticat
Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application's data via the applications 'Workflow' and 'MultiReport'.
nvd
CVE-2014-0820P4MEDIUMCVSS 4.0v2.0v2.0.0+22 more2014-02-27
CVE-2014-0820 [MEDIUM] CWE-22 CVE-2014-0820: Directory traversal vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x
Directory traversal vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to read arbitrary files via unspecified vectors.
nvd
CVE-2022-27807P4MEDIUMCVSS 4.3≥ 4.0.0, ≤ 5.5.12022-07-04
CVE-2022-27807 [MEDIUM] CWE-20 CVE-2022-27807: Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote auth
Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories.
nvd
CVE-2022-27803P4MEDIUMCVSS 4.3≥ 4.0.0, ≤ 5.5.12022-07-04
CVE-2022-27803 [MEDIUM] CWE-20 CVE-2022-27803: Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote aut
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space.
nvd