cbcvebase.

Cybozu Inc Cybozu Garoon vulnerabilities

127 known vulnerabilities affecting cybozu_inc/cybozu_garoon.

Total CVEs
127
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH15MEDIUM108LOW2

Vulnerabilities

Page 7 of 7
CVE-2019-5932P4MEDIUMCVSS 4.8v4.6.0 to 4.6.32019-05-17
CVE-2019-5932 [MEDIUM] CWE-79 CVE-2019-5932: Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows remote authenticated attac Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Portal'.
nvd
CVE-2017-2146P4MEDIUMCVSS 4.8v3.0.0 to 4.2.42017-07-07
CVE-2017-2146 [MEDIUM] CWE-79 CVE-2017-2146: Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu.
nvd
CVE-2020-5585P4MEDIUMCVSS 4.8v5.0.0 to 5.0.12020-06-30
CVE-2020-5585 [MEDIUM] CWE-79 CVE-2020-5585: Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrato Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors.
nvd
CVE-2017-2093P4MEDIUMCVSS 4.3v3.0.0 to 4.2.32017-04-28
CVE-2017-2093 [MEDIUM] CWE-200 CVE-2017-2093: Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via un Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors.
nvd
CVE-2016-4909P4MEDIUMCVSS 4.3v3.0.0 to 4.2.22017-06-09
CVE-2016-4909 [MEDIUM] CWE-352 CVE-2016-4909: Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attack Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors.
nvd
CVE-2018-0532P4LOWCVSS 2.7v3.0.0 to 4.2.62018-04-16
CVE-2018-0532 [LOW] CWE-79 CVE-2018-0532: Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to a Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors.
nvd
CVE-2021-20761P4LOWCVSS 2.7v4.0.0 to 5.0.22021-08-18
CVE-2021-20761 [LOW] CWE-20 CVE-2021-20761: Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote at Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege.
nvd
Cybozu Inc Cybozu Garoon vulnerabilities | cvebase