cvebase

Cybozu Garoon vulnerabilities

198 known vulnerabilities affecting cybozu/garoon.

Total CVEs: 198
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 24, MEDIUM 158, LOW 12

Vulnerabilities

Page 9 of 10
CVE-2015-7776 | P4 | MEDIUM | CVSS 4.3 | v3.0.0, v3.0.1, +22 more | 2016-06-19
CWE-200: Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196.
nvd
CVE-2016-1196 | P4 | MEDIUM | CVSS 4.3 | v3.0.0, v3.0.1, +23 more | 2016-06-19
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776.
nvd
CVE-2014-1993 | P4 | MEDIUM | CVSS 4.0 | v2.0.0, v2.1.0, +23 more | 2014-07-20
CWE-264: The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
nvd
CVE-2024-31398 | P4 | MEDIUM | CVSS 4.3 | ≥ 5.0.0, ≤ 5.15.2 | 2024-06-11
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users.
nvd
CVE-2013-6003 | P4 | LOW | CVSS 3.5 | v3.1, v3.5 | 2013-12-05
CWE-20: CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors.
nvd
CVE-2017-2254 | P4 | MEDIUM | CVSS 4.9 | v3.5.0, v3.5.1, +19 more | 2017-08-29
CWE-20: Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input.
nvd
CVE-2019-5932 | P4 | MEDIUM | CVSS 4.8 | ≥ 4.6.0, ≤ 4.6.3 | 2019-05-17
CWE-79: Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Portal'.
nvd
CVE-2017-2146 | P4 | MEDIUM | CVSS 4.8 | v3.0.0, v3.0.1, +25 more | 2017-07-07
CWE-79: Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu.
nvd
CVE-2020-5585 | P4 | MEDIUM | CVSS 4.8 | ≥ 5.0.0, ≤ 5.0.1 | 2020-06-30
CWE-79: Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors.
nvd
CVE-2017-2093 | P4 | MEDIUM | CVSS 4.3 | v3.0.0, v3.0.1, +26 more | 2017-04-28
CWE-200: Cybozu Garoon 3.0.0 to 4.2.3 allows remote attackers to obtain tokens used for CSRF protection via unspecified vectors.
nvd
CVE-2008-6570 | P4 | MEDIUM | CVSS 4.3 | v2.0.0, v2.0.1, +9 more | 2009-03-31
CWE-79: Cross-site scripting (XSS) vulnerability in the RSS reader in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via a crafted RSS feed.
nvd
CVE-2016-4909 | P4 | MEDIUM | CVSS 4.3 | v3.0.0, v3.0.1, +25 more | 2017-06-09
CWE-352: Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors.
nvd
CVE-2013-6901 | P4 | MEDIUM | CVSS 4.3 | ≤ 3.5, v2.0, +5 more | 2013-12-05
CWE-79: Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2013-6903 | P4 | MEDIUM | CVSS 4.3 | ≤ 3.5, v2.0, +5 more | 2013-12-05
CWE-79: Cross-site scripting (XSS) vulnerability in a schedule component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2013-6909 | P4 | MEDIUM | CVSS 4.3 | ≤ 3.5, v2.0, +5 more | 2013-12-05
CWE-79: Cross-site scripting (XSS) vulnerability in a report component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2013-6902 | P4 | MEDIUM | CVSS 4.3 | ≤ 3.5, v2.0, +5 more | 2013-12-05
CWE-79: Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2013-6900 | P4 | MEDIUM | CVSS 4.3 | ≤ 3.5, v2.0, +5 more | 2013-12-05
CWE-79: Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2011-1333 | P4 | MEDIUM | CVSS 4.3 | v2.0.0, v2.0.1, +9 more | 2011-06-29
CWE-79: Cross-site scripting (XSS) vulnerability in Cybozu Office 6 and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from the bulletin board system."
nvd
CVE-2011-1334 | P4 | MEDIUM | CVSS 4.3 | v2.0.0, v2.0.1, +9 more | 2011-06-29
CWE-79: Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from the mail system."
nvd
CVE-2013-6910 | P4 | MEDIUM | CVSS 4.3 | ≤ 3.5, v2.0, +5 more | 2013-12-05
CWE-79: Cross-site scripting (XSS) vulnerability in Ajax components in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd