Cybozu Office 9.1.0

CPE Details

Cybozu Office 9.1.0
cybozu
office
9.1.0
2016-02-22
14h55 +00:00
2016-02-22
14h55 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:cybozu:office:9.1.0:*:*:*:*:*:*:*

Informations

Vendor

cybozu

Product

office

Version

9.1.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2016-4865 2017-04-17 13h00 +00:00 Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function.
4.8
Medium
CVE-2016-4866 2017-04-17 13h00 +00:00 Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function.
4.8
Medium
CVE-2016-4867 2017-04-17 13h00 +00:00 Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function.
4.3
Medium
CVE-2016-4868 2017-04-17 13h00 +00:00 Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests.
4.3
Medium
CVE-2016-4869 2017-04-17 13h00 +00:00 Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed.
6.5
Medium
CVE-2016-4870 2017-04-17 13h00 +00:00 Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function.
5.4
Medium
CVE-2016-4871 2017-04-17 13h00 +00:00 Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service.
6.5
Medium
CVE-2016-4872 2017-04-17 13h00 +00:00 Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail.
4.3
Medium
CVE-2016-4873 2017-04-17 13h00 +00:00 Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function.
4.3
Medium
CVE-2016-4874 2017-04-17 13h00 +00:00 Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack.
3.5
Low
CVE-2015-7795 2016-02-17 01h00 +00:00 Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.
6.1
Medium
CVE-2015-7796 2016-02-17 01h00 +00:00 Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.
6.1
Medium
CVE-2015-7797 2016-02-17 01h00 +00:00 Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.
6.1
Medium
CVE-2015-7798 2016-02-17 01h00 +00:00 Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2016-1149, and CVE-2016-1150.
6.1
Medium
CVE-2015-8483 2016-02-17 01h00 +00:00 Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
7.4
High
CVE-2015-8487 2016-02-17 01h00 +00:00 Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerability than CVE-2015-8488.
4.3
Medium
CVE-2016-1149 2016-02-17 01h00 +00:00 Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1150.
6.1
Medium
CVE-2016-1150 2016-02-17 01h00 +00:00 Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1149.
6.1
Medium
CVE-2014-5314 2014-11-24 01h00 +00:00 Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages.
9
CVE-2013-4703 2013-09-10 10h00 +00:00 Cross-site scripting (XSS) vulnerability in the top-page customization feature in Cybozu Office before 9.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.3
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.