cbcvebase.

Cybozu Inc Cybozu Garoon vulnerabilities

127 known vulnerabilities affecting cybozu_inc/cybozu_garoon.

Total CVEs
127
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH15MEDIUM108LOW2

Vulnerabilities

Page 3 of 7
CVE-2019-5933P4MEDIUMCVSS 4.3v4.0.0 to 4.10.02019-05-17
CVE-2019-5933 [MEDIUM] CVE-2019-5933: Cybozu Garoon 4.0.0 to 4.10.0 allows remote authenticated attackers to bypass access restriction to Cybozu Garoon 4.0.0 to 4.10.0 allows remote authenticated attackers to bypass access restriction to view the Bulletin Board without view privileges via the application 'Bulletin'.
nvd
CVE-2022-27627P4MEDIUMCVSS 6.1v4.10.2 to 5.5.12022-07-04
CVE-2022-27627 [MEDIUM] CWE-79 CVE-2022-27627: Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 al Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser.
nvd
CVE-2017-2144P4MEDIUMCVSS 5.4v3.0.0 to 4.2.42017-07-07
CVE-2017-2144 [MEDIUM] CVE-2017-2144: Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially c Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page.
nvd
CVE-2019-5942P4MEDIUMCVSS 4.3v4.0.0 to 4.10.12019-05-17
CVE-2019-5942 [MEDIUM] CVE-2019-5942: Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application 'Cabinet'.
nvd
CVE-2019-5941P4MEDIUMCVSS 4.3v4.0.0 to 4.10.12019-05-17
CVE-2019-5941 [MEDIUM] CVE-2019-5941: Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alt Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the Report without access privileges via the application 'Multi Report'.
nvd
CVE-2019-5939P4MEDIUMCVSS 6.1v4.0.0 to 4.10.12019-05-17
CVE-2019-5939 [MEDIUM] CWE-79 CVE-2019-5939: Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to injec Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Portal'.
nvd
CVE-2019-5940P4MEDIUMCVSS 6.1v4.0.0 to 4.10.12019-05-17
CVE-2019-5940 [MEDIUM] CWE-79 CVE-2019-5940: Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to injec Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Scheduler'.
nvd
CVE-2021-20765P4MEDIUMCVSS 6.1v4.0.0 to 5.0.22021-08-18
CVE-2021-20765 [MEDIUM] CWE-79 CVE-2021-20765: Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attac Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.
nvd
CVE-2021-20771P4MEDIUMCVSS 6.1v4.0.0 to 5.5.02021-08-18
CVE-2021-20771 [MEDIUM] CWE-79 CVE-2021-20771: Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allow Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors.
nvd
CVE-2020-5568P4MEDIUMCVSS 6.1v4.6.0 to 5.0.02020-04-28
CVE-2020-5568 [MEDIUM] CWE-79 CVE-2020-5568: Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 allows remote attackers to inject Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 allows remote attackers to inject arbitrary web script or HTML via the applications 'Messages' and 'Bulletin Board'.
nvd
CVE-2021-20766P4MEDIUMCVSS 6.1v4.0.0 to 5.0.22021-08-18
CVE-2021-20766 [MEDIUM] CWE-79 CVE-2021-20766: Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attack Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.
nvd
CVE-2021-20767P4MEDIUMCVSS 5.4v4.0.0 to 5.0.22021-08-18
CVE-2021-20767 [MEDIUM] CWE-79 CVE-2021-20767: Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remo Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
nvd
CVE-2024-39457P4MEDIUMCVSS 5.4v6.0.0 to 6.0.12024-07-19
CVE-2024-39457 [MEDIUM] CWE-79 CVE-2024-39457: Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this v Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user’s web browser.
nvd
CVE-2020-5588P4MEDIUMCVSS 4.9v5.0.0 to 5.0.12020-06-30
CVE-2020-5588 [MEDIUM] CWE-22 CVE-2020-5588: Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator righ Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to obtain unintended information via unspecified vectors.
nvd
CVE-2018-0548P4MEDIUMCVSS 4.3v4.0.0 to 4.6.02018-04-16
CVE-2018-0548 [MEDIUM] CVE-2018-0548: Cybozu Garoon 4.0.0 to 4.6.0 allows remote authenticated attackers to bypass access restriction to v Cybozu Garoon 4.0.0 to 4.6.0 allows remote authenticated attackers to bypass access restriction to view the closed title of "Space" via unspecified vectors.
nvd
CVE-2019-5943P4MEDIUMCVSS 4.3v4.0.0 to 4.10.12019-05-17
CVE-2019-5943 [MEDIUM] CVE-2019-5943: Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to view the information without view privileges via the application 'Bulletin' and the application 'Cabinet'.
nvd
CVE-2017-2095P4MEDIUMCVSS 4.3v3.0.0 to 4.2.32017-04-28
CVE-2017-2095 [MEDIUM] CVE-2017-2095: Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in t Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors.
nvd
CVE-2017-2091P4MEDIUMCVSS 4.3v3.0.0 to 4.2.32017-04-28
CVE-2017-2091 [MEDIUM] CVE-2017-2091: Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in P Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.
nvd
CVE-2016-4908P4MEDIUMCVSS 4.3v3.0.0 to 4.2.22017-06-09
CVE-2016-4908 [MEDIUM] CWE-284 CVE-2016-4908: Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to a Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors.
nvd
CVE-2019-5935P4MEDIUMCVSS 4.3v4.0.0 to 4.10.12019-05-17
CVE-2019-5935 [MEDIUM] CVE-2019-5935: Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to change user information without access privileges via the Item function of User Information.
nvd
Cybozu Inc Cybozu Garoon vulnerabilities | cvebase