Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:cybozu:garoon:3.0.2
There are 64 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2017-2093

Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors.

Published: April 28, 2017; 12:59:00 PM -0400
V3.0: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-2092

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: April 28, 2017; 12:59:00 PM -0400
V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2017-2091

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.

Published: April 28, 2017; 12:59:00 PM -0400
V3.0: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2016-1220

Cybozu Garoon before 4.2.2 does not properly restrict access.

Published: April 20, 2017; 2:59:00 PM -0400
V3.0: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2016-1218

SQL injection vulnerability in Cybozu Garoon before 4.2.2.

Published: April 20, 2017; 2:59:00 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2016-1217

Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2.

Published: April 20, 2017; 2:59:00 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1216

Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2.

Published: April 20, 2017; 2:59:00 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1215

Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2.

Published: April 20, 2017; 2:59:00 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1214

Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2.

Published: April 20, 2017; 2:59:00 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1213

The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites.

Published: April 20, 2017; 2:59:00 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 5.8 MEDIUM
CVE-2016-1219

Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use.

Published: April 20, 2017; 1:59:00 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2016-1196

Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776.

Published: June 19, 2016; 4:59:06 PM -0400
V3.0: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2016-1191

Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors.

Published: June 19, 2016; 4:59:04 PM -0400
V3.0: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2015-7776

Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196.

Published: June 19, 2016; 4:59:01 PM -0400
V3.0: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1195

Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.

Published: June 19, 2016; 11:59:01 AM -0400
V3.0: 7.4 HIGH
V2.0: 5.8 MEDIUM
CVE-2015-5647

The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866.

Published: October 12, 2015; 6:59:08 AM -0400
V3.x:(not available)
V2.0: 8.5 HIGH
CVE-2015-5646

Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867.

Published: October 12, 2015; 6:59:06 AM -0400
V3.x:(not available)
V2.0: 8.5 HIGH
CVE-2015-5649

Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended login restrictions or obtain sensitive information, by leveraging certain group-administration privileges.

Published: October 08, 2015; 4:59:00 PM -0400
V3.x:(not available)
V2.0: 7.0 HIGH
CVE-2014-1995

Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Published: July 20, 2014; 7:12:49 AM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2014-1994

Cross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Published: July 20, 2014; 7:12:49 AM -0400
V3.x:(not available)
V2.0: 3.5 LOW