Cybozu Office 9.1.0

CPE Details

Cybozu Office 9.1.0
9.1.0
2016-02-22
14h55 +00:00
2016-02-22
14h55 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:cybozu:office:9.1.0:*:*:*:*:*:*:*

Informations

Vendor

cybozu

Product

office

Version

9.1.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2016-4865 2017-04-17 13h00 +00:00 Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function.
4.8
Medium
CVE-2016-4866 2017-04-17 13h00 +00:00 Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function.
4.8
Medium
CVE-2016-4867 2017-04-17 13h00 +00:00 Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function.
4.3
Medium
CVE-2016-4868 2017-04-17 13h00 +00:00 Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests.
4.3
Medium
CVE-2016-4869 2017-04-17 13h00 +00:00 Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed.
6.5
Medium
CVE-2016-4870 2017-04-17 13h00 +00:00 Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function.
5.4
Medium
CVE-2016-4871 2017-04-17 13h00 +00:00 Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service.
6.5
Medium
CVE-2016-4872 2017-04-17 13h00 +00:00 Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail.
4.3
Medium
CVE-2016-4873 2017-04-17 13h00 +00:00 Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function.
4.3
Medium
CVE-2016-4874 2017-04-17 13h00 +00:00 Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack.
3.5
Low
CVE-2015-7795 2016-02-17 01h00 +00:00 Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.
6.1
Medium
CVE-2015-7796 2016-02-17 01h00 +00:00 Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.
6.1
Medium
CVE-2015-7797 2016-02-17 01h00 +00:00 Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.
6.1
Medium
CVE-2015-7798 2016-02-17 01h00 +00:00 Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2016-1149, and CVE-2016-1150.
6.1
Medium
CVE-2015-8483 2016-02-17 01h00 +00:00 Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
7.4
High
CVE-2015-8487 2016-02-17 01h00 +00:00 Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerability than CVE-2015-8488.
4.3
Medium
CVE-2016-1149 2016-02-17 01h00 +00:00 Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1150.
6.1
Medium
CVE-2016-1150 2016-02-17 01h00 +00:00 Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1149.
6.1
Medium
CVE-2014-5314 2014-11-24 01h00 +00:00 Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages.
9
CVE-2013-4703 2013-09-10 10h00 +00:00 Cross-site scripting (XSS) vulnerability in the top-page customization feature in Cybozu Office before 9.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.3