Garoon

CVEs (81)

CVE	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2016-1219	Cri	0.64	9.8	0.04	Apr 20, 2017	Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use.
CVE-2016-7803	Hig	0.57	8.8	0.01	Jun 9, 2017	SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function.
CVE-2016-4907	Hig	0.57	8.8	0.00	Jun 9, 2017	Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.
CVE-2016-1218	Hig	0.57	8.8	0.01	Apr 20, 2017	SQL injection vulnerability in Cybozu Garoon before 4.2.2.
CVE-2016-1189	Hig	0.53	8.1	0.00	Jun 25, 2016	Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors.
CVE-2016-1193	Hig	0.49	7.5	0.00	Jun 25, 2016	Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors.
CVE-2016-7802	Med	0.43	6.5	0.04	Jun 9, 2017	Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
CVE-2016-1190	Med	0.42	6.5	0.00	Jun 25, 2016	Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors.
CVE-2016-1188	Med	0.42	6.5	0.00	Jun 25, 2016	Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors.
CVE-2017-2257	Med	0.40	6.1	0.00	Aug 29, 2017	Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function.
CVE-2016-4906	Med	0.40	6.1	0.00	Jun 9, 2017	Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai.
CVE-2016-1217	Med	0.40	6.1	0.00	Apr 20, 2017	Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2.
CVE-2016-1216	Med	0.40	6.1	0.00	Apr 20, 2017	Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2.
CVE-2016-1215	Med	0.40	6.1	0.00	Apr 20, 2017	Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2.
CVE-2016-1214	Med	0.40	6.1	0.00	Apr 20, 2017	Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2.
CVE-2016-1213	Med	0.40	6.1	0.00	Apr 20, 2017	The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites.
CVE-2016-1197	Med	0.40	6.1	0.00	Jun 19, 2016	Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7775.
CVE-2017-2256	Med	0.35	5.4	0.00	Aug 29, 2017	Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Memo".
CVE-2017-2255	Med	0.35	5.4	0.00	Aug 29, 2017	Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Space".
CVE-2017-2145	Med	0.35	5.4	0.00	Jul 7, 2017	Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors.