VYPR

Garoon

by Cybozu

CVEs (200)

  • CVE-2016-1197MedJun 19, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7775.

  • CVE-2018-0551MedApr 16, 2018
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2018-0549MedApr 16, 2018
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2017-2256MedAug 29, 2017
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Memo".

  • CVE-2017-2255MedAug 29, 2017
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Space".

  • CVE-2017-2145MedJul 7, 2017
    risk 0.35cvss 5.4epss 0.01

    Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors.

  • CVE-2017-2144MedJul 7, 2017
    risk 0.35cvss 5.4epss 0.01

    Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page.

  • CVE-2017-2092MedApr 28, 2017
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2016-1191MedJun 19, 2016
    risk 0.35cvss 5.3epss 0.02

    Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors.

  • CVE-2015-7775MedJun 19, 2016
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-1197.

  • CVE-2018-0533MedApr 16, 2018
    risk 0.32cvss 4.9epss 0.01

    Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of session authentication via unspecified vectors.

  • CVE-2017-2254MedAug 29, 2017
    risk 0.32cvss 4.9epss 0.01

    Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input

  • CVE-2017-2146MedJul 7, 2017
    risk 0.31cvss 4.8epss 0.01

    Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu.

  • CVE-2018-0550MedApr 16, 2018
    risk 0.28cvss 4.3epss 0.01

    Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to bypass access restriction to view the closed title of "Cabinet" via unspecified vectors.

  • CVE-2018-0548MedApr 16, 2018
    risk 0.28cvss 4.3epss 0.01

    Cybozu Garoon 4.0.0 to 4.6.0 allows remote authenticated attackers to bypass access restriction to view the closed title of "Space" via unspecified vectors.

  • CVE-2018-0531MedApr 16, 2018
    risk 0.28cvss 4.3epss 0.01

    Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to view or alter an access privilege of a folder and/or notification settings via unspecified vectors.

  • CVE-2017-2258MedAug 29, 2017
    risk 0.28cvss 4.3epss 0.01

    Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications".

  • CVE-2016-7801MedJun 9, 2017
    risk 0.28cvss 4.3epss 0.01

    Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors.

  • CVE-2016-4910MedJun 9, 2017
    risk 0.28cvss 4.3epss 0.01

    Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors.

  • CVE-2016-4909MedJun 9, 2017
    risk 0.28cvss 4.3epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors.

Page 2 of 10