Garoon
by Cybozu
CVEs (200)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-27661 | 0.00 | — | 0.01 | Jul 4, 2022 | Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow. | |||
| CVE-2022-27627 | 0.00 | — | 0.01 | Jul 4, 2022 | Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser. | |||
| CVE-2022-26368 | 0.00 | — | 0.01 | Jul 4, 2022 | Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet. | |||
| CVE-2022-26054 | 0.00 | — | 0.01 | Jul 4, 2022 | Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link. | |||
| CVE-2022-26051 | 0.00 | — | 0.01 | Jul 4, 2022 | Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal. | |||
| CVE-2021-20775 | 0.00 | — | 0.01 | Aug 18, 2021 | Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the data of Comment and Space without the viewing privilege. | |||
| CVE-2021-20774 | 0.00 | — | 0.01 | Aug 18, 2021 | Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | |||
| CVE-2021-20773 | 0.00 | — | 0.01 | Aug 18, 2021 | There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated attacker to delete the route information Workflow without the appropriate privilege. | |||
| CVE-2021-20772 | 0.00 | — | 0.01 | Aug 18, 2021 | Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the title of Bulletin without the viewing privilege. | |||
| CVE-2021-20771 | 0.00 | — | 0.01 | Aug 18, 2021 | Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors. | |||
| CVE-2021-20770 | 0.00 | — | 0.01 | Aug 18, 2021 | Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | |||
| CVE-2021-20769 | 0.00 | — | 0.01 | Aug 18, 2021 | Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | |||
| CVE-2021-20768 | 0.00 | — | 0.01 | Aug 18, 2021 | Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to delete the data of Scheduler and MultiReport without the appropriate privilege. | |||
| CVE-2021-20767 | 0.00 | — | 0.01 | Aug 18, 2021 | Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | |||
| CVE-2021-20766 | 0.00 | — | 0.01 | Aug 18, 2021 | Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors. | |||
| CVE-2021-20765 | 0.00 | — | 0.01 | Aug 18, 2021 | Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors. | |||
| CVE-2021-20764 | 0.00 | — | 0.01 | Aug 18, 2021 | Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to alter the data of Attaching Files. | |||
| CVE-2021-20763 | 0.00 | — | 0.01 | Aug 18, 2021 | Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the appropriate privilege. | |||
| CVE-2021-20762 | 0.00 | — | 0.01 | Aug 18, 2021 | Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated to alter the data of E-mail without the appropriate privilege. | |||
| CVE-2021-20761 | 0.00 | — | 0.01 | Aug 18, 2021 | Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege. |
- CVE-2022-27661Jul 4, 2022risk 0.00cvss —epss 0.01
Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow.
- CVE-2022-27627Jul 4, 2022risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser.
- CVE-2022-26368Jul 4, 2022risk 0.00cvss —epss 0.01
Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet.
- CVE-2022-26054Jul 4, 2022risk 0.00cvss —epss 0.01
Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link.
- CVE-2022-26051Jul 4, 2022risk 0.00cvss —epss 0.01
Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal.
- CVE-2021-20775Aug 18, 2021risk 0.00cvss —epss 0.01
Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the data of Comment and Space without the viewing privilege.
- CVE-2021-20774Aug 18, 2021risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
- CVE-2021-20773Aug 18, 2021risk 0.00cvss —epss 0.01
There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated attacker to delete the route information Workflow without the appropriate privilege.
- CVE-2021-20772Aug 18, 2021risk 0.00cvss —epss 0.01
Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the title of Bulletin without the viewing privilege.
- CVE-2021-20771Aug 18, 2021risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors.
- CVE-2021-20770Aug 18, 2021risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
- CVE-2021-20769Aug 18, 2021risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
- CVE-2021-20768Aug 18, 2021risk 0.00cvss —epss 0.01
Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to delete the data of Scheduler and MultiReport without the appropriate privilege.
- CVE-2021-20767Aug 18, 2021risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
- CVE-2021-20766Aug 18, 2021risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.
- CVE-2021-20765Aug 18, 2021risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.
- CVE-2021-20764Aug 18, 2021risk 0.00cvss —epss 0.01
Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to alter the data of Attaching Files.
- CVE-2021-20763Aug 18, 2021risk 0.00cvss —epss 0.01
Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the appropriate privilege.
- CVE-2021-20762Aug 18, 2021risk 0.00cvss —epss 0.01
Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated to alter the data of E-mail without the appropriate privilege.
- CVE-2021-20761Aug 18, 2021risk 0.00cvss —epss 0.01
Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege.
Page 5 of 10