VYPR

Office

by Cybozu

CVEs (81)

  • CVE-2025-34046CriJun 26, 2025
    risk 0.65cvss epss 0.01

    An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management interface. The vulnerability affects the /general/index/UploadFile.php endpoint, which improperly validates uploaded files when invoked with certain parameters…

  • CVE-2016-1151HigFeb 17, 2016
    risk 0.57cvss 8.8epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users.

  • CVE-2015-8483HigFeb 17, 2016
    risk 0.48cvss 7.4epss 0.01

    Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.

  • CVE-2016-4871MedApr 17, 2017
    risk 0.42cvss 6.5epss 0.02

    Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service.

  • CVE-2016-4869MedApr 17, 2017
    risk 0.42cvss 6.5epss 0.02

    Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed.

  • CVE-2016-1153MedFeb 17, 2016
    risk 0.42cvss 6.5epss 0.02

    customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service via unspecified vectors, a different vulnerability than CVE-2015-8489.

  • CVE-2015-8489MedFeb 17, 2016
    risk 0.42cvss 6.5epss 0.02

    customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service (excessive database locking) via a crafted CSV file, a different vulnerability than CVE-2016-1153.

  • CVE-2018-0567MedJun 26, 2018
    risk 0.41cvss 6.3epss 0.01

    Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors.

  • CVE-2018-0565MedJun 26, 2018
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2018-0527MedJun 26, 2018
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2016-1150MedFeb 17, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1149.

  • CVE-2016-1149MedFeb 17, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1150.

  • CVE-2015-7798MedFeb 17, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2016-1149, and CVE-2016-1150.

  • CVE-2015-7797MedFeb 17, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.

  • CVE-2015-7796MedFeb 17, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.

  • CVE-2015-7795MedFeb 17, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.

  • CVE-2017-2114MedApr 28, 2017
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2016-4870MedApr 17, 2017
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function.

  • CVE-2016-1152MedFeb 17, 2016
    risk 0.35cvss 5.4epss 0.01

    Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions, and read or write to plan data, via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2015-8486.

  • CVE-2015-8486MedFeb 17, 2016
    risk 0.35cvss 5.4epss 0.01

    Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary report titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2016-1152.

Page 1 of 5