CVE ID | Published | Description | Score | Severity |
---|---|---|---|---|
Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access restriction to view information available only for a sign-on user via Single sign-on function. | 7.5 |
High |
||
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to view or alter an access privilege of a folder and/or notification settings via unspecified vectors. | 4.3 |
Medium |
||
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors. | 2.7 |
Low |
||
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of session authentication via unspecified vectors. | 4.9 |
Medium |
||
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
Medium |
||
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
Medium |
||
The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites. | 6.1 |
Medium |
||
Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2. | 6.1 |
Medium |
||
Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2. | 6.1 |
Medium |
||
Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2. | 6.1 |
Medium |
||
Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2. | 6.1 |
Medium |
||
SQL injection vulnerability in Cybozu Garoon before 4.2.2. | 8.8 |
High |
||
Cybozu Garoon before 4.2.2 does not properly restrict access. | 4.3 |
Medium |
||
Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use. | 9.8 |
Critical |
||
Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors. | 4.9 |
|||
Directory traversal vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to read arbitrary files via unspecified vectors. | 4 |
|||
SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6930 and CVE-2013-6931. | 6.5 |
|||
Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request. | 5.8 |
|||
SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted API input. | 6.5 |
|||
SQL injection vulnerability in the Space function in Cybozu Garoon before 3.7 SP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
|||
The server in Cybozu Garoon before 3.7 SP1 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. | 5 |
|||
CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors. | 3.5 |
|||
Session fixation vulnerability in Cybozu Garoon before 3.7.2 allows remote attackers to hijack web sessions via unspecified vectors. | 6.8 |
|||
Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
|||
Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
|||
Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
|||
Cross-site scripting (XSS) vulnerability in a schedule component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
|||
Cross-site scripting (XSS) vulnerability in a note component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
|||
Cross-site scripting (XSS) vulnerability in a phone component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
|||
Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon before 3.7.0, when Internet Explorer 6 through 8 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
|||
Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 2.x and 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
|||
Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
|||
Cross-site scripting (XSS) vulnerability in a report component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
|||
Cross-site scripting (XSS) vulnerability in Ajax components in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
|||
Cross-site scripting (XSS) vulnerability in the bulletin-board component in Cybozu Garoon before 3.7.2, when Internet Explorer or Firefox is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
|||
Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2, when Internet Explorer 6 through 9 is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
|||
Cross-site scripting (XSS) vulnerability in a search component in Cybozu Garoon before 3.7.2, when Internet Explorer is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
|||
Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
|||
Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
|||
Cross-site scripting (XSS) vulnerability in the Yahoo! User Interface Library in Cybozu Garoon before 3.7.2, when Internet Explorer 9 or 10 or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |