) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- CPE Product Version: cpe:/a:cybozu:garoon:3.0.3
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2017-2093 |
Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors. Published: April 28, 2017; 12:59:00 PM -0400 |
V3.0: 4.3 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2017-2092 |
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Published: April 28, 2017; 12:59:00 PM -0400 |
V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2017-2091 |
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors. Published: April 28, 2017; 12:59:00 PM -0400 |
V3.0: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2016-1220 |
Cybozu Garoon before 4.2.2 does not properly restrict access. Published: April 20, 2017; 2:59:00 PM -0400 |
V3.0: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2016-1218 |
SQL injection vulnerability in Cybozu Garoon before 4.2.2. Published: April 20, 2017; 2:59:00 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2016-1217 |
Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2. Published: April 20, 2017; 2:59:00 PM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-1216 |
Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2. Published: April 20, 2017; 2:59:00 PM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-1215 |
Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2. Published: April 20, 2017; 2:59:00 PM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-1214 |
Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2. Published: April 20, 2017; 2:59:00 PM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-1213 |
The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites. Published: April 20, 2017; 2:59:00 PM -0400 |
V3.0: 6.1 MEDIUM V2.0: 5.8 MEDIUM |
| CVE-2016-1219 |
Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use. Published: April 20, 2017; 1:59:00 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2016-1196 |
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776. Published: June 19, 2016; 4:59:06 PM -0400 |
V3.0: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2016-1191 |
Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors. Published: June 19, 2016; 4:59:04 PM -0400 |
V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
| CVE-2015-7776 |
Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196. Published: June 19, 2016; 4:59:01 PM -0400 |
V3.0: 4.3 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-1195 |
Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. Published: June 19, 2016; 11:59:01 AM -0400 |
V3.0: 7.4 HIGH V2.0: 5.8 MEDIUM |
| CVE-2015-5647 |
The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866. Published: October 12, 2015; 6:59:08 AM -0400 |
V3.x:(not available) V2.0: 8.5 HIGH |
| CVE-2015-5646 |
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867. Published: October 12, 2015; 6:59:06 AM -0400 |
V3.x:(not available) V2.0: 8.5 HIGH |
| CVE-2015-5649 |
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended login restrictions or obtain sensitive information, by leveraging certain group-administration privileges. Published: October 08, 2015; 4:59:00 PM -0400 |
V3.x:(not available) V2.0: 7.0 HIGH |
| CVE-2014-1995 |
Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Published: July 20, 2014; 7:12:49 AM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
| CVE-2014-1994 |
Cross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Published: July 20, 2014; 7:12:49 AM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |