GCVE - cpe:2.3:a:cybozu:office:9.2.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:cybozu:office:9.2.0:*:*:*:*:*:*:*

part: a version: 9.2.0 update: *

Vendor	Cybozu (`6c3c6c19-80d3-5353-ad46-e08ec1369448`)
Product	Office (`3e47509a-1a03-5002-929e-9c2c66c074a0`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2016-4874`	vulnerable	2026-06-03 14:35:53.648485	Details available Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack. Published: 2017-04-17T15:00:00.000Z Updated: 2024-08-06T00:46:38.544Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000193.html https://support.cybozu.com/ja-jp/article/9434 http://jvn.jp/en/jp/JVN11288252/index.html http://www.securityfocus.com/bid/97719	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4873`	vulnerable	2026-06-03 14:35:53.647849	Details available Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function. Published: 2017-04-17T15:00:00.000Z Updated: 2024-08-06T00:46:38.532Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9442 http://www.securityfocus.com/bid/93461 http://jvn.jp/en/jp/JVN07148816/index.html http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000189.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4872`	vulnerable	2026-06-03 14:35:53.647126	Details available Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail. Published: 2017-04-17T15:00:00.000Z Updated: 2024-08-06T00:46:38.546Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9424 http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000188.html http://www.securityfocus.com/bid/93461 http://jvn.jp/en/jp/JVN07148816/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4871`	vulnerable	2026-06-03 14:35:53.646476	Details available Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service. Published: 2017-04-17T15:00:00.000Z Updated: 2024-08-06T00:46:39.435Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/97716 https://support.cybozu.com/ja-jp/article/9426 http://jvn.jp/en/jp/JVN10092452/index.html http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000192.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4870`	vulnerable	2026-06-03 14:35:53.645840	Details available Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function. Published: 2017-04-17T15:00:00.000Z Updated: 2024-08-06T00:46:39.227Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/93281 https://support.cybozu.com/ja-jp/article/9427 http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000186.html http://jvn.jp/en/jp/JVN06726266/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4869`	vulnerable	2026-06-03 14:35:53.645186	Details available Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed. Published: 2017-04-17T15:00:00.000Z Updated: 2024-08-06T00:46:38.556Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/97715 http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000191.html http://jvn.jp/en/jp/JVN09736331/index.html https://support.cybozu.com/ja-jp/article/9428	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4868`	vulnerable	2026-06-03 14:35:53.644512	Details available Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests. Published: 2017-04-17T15:00:00.000Z Updated: 2024-08-06T00:46:38.547Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9433 http://www.securityfocus.com/bid/97713 http://jvn.jp/en/jp/JVN08736331/index.html http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000190.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4867`	vulnerable	2026-06-03 14:35:53.643748	Details available Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function. Published: 2017-04-17T15:00:00.000Z Updated: 2024-08-06T00:46:38.555Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000187.html http://www.securityfocus.com/bid/93461 http://jvn.jp/en/jp/JVN07148816/index.html https://support.cybozu.com/ja-jp/article/9429	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4866`	vulnerable	2026-06-03 14:35:53.643055	Details available Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function. Published: 2017-04-17T15:00:00.000Z Updated: 2024-08-06T00:46:38.521Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000185.html http://www.securityfocus.com/bid/93281 https://support.cybozu.com/ja-jp/article/9431 http://jvn.jp/en/jp/JVN06726266/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4865`	vulnerable	2026-06-03 14:35:53.635654	Details available Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function. Published: 2017-04-17T15:00:00.000Z Updated: 2024-08-06T00:46:38.546Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9430 http://www.securityfocus.com/bid/93281 http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000184.html http://jvn.jp/en/jp/JVN06726266/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-1150`	vulnerable	2026-06-03 14:35:30.759854	Details available Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1149. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-05T22:48:13.005Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026 https://cs.cybozu.co.jp/2015/006072.html https://cs.cybozu.co.jp/2015/006087.html https://cs.cybozu.co.jp/2016/006107.html http://jvn.jp/en/jp/JVN69278491/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-1149`	vulnerable	2026-06-03 14:35:30.753308	Details available Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1150. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-05T22:48:12.977Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026 https://cs.cybozu.co.jp/2015/006072.html https://cs.cybozu.co.jp/2015/006087.html https://cs.cybozu.co.jp/2016/006107.html http://jvn.jp/en/jp/JVN69278491/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-8487`	vulnerable	2026-06-03 14:35:12.076827	Details available Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerability than CVE-2015-8488. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-06T08:20:42.428Z Open on db.gcve.eu Reference links http://jvn.jp/en/jp/JVN47296923/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000022 https://cs.cybozu.co.jp/2015/006071.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-8483`	vulnerable	2026-06-03 14:35:12.074819	Details available Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-06T08:20:42.424Z Open on db.gcve.eu Reference links http://jvn.jp/en/jp/JVN71428831/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000025 https://cs.cybozu.co.jp/2015/006088.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-7798`	vulnerable	2026-06-03 14:35:09.949946	Details available Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2016-1149, and CVE-2016-1150. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-06T07:58:59.914Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026 https://cs.cybozu.co.jp/2015/006072.html https://cs.cybozu.co.jp/2015/006087.html https://cs.cybozu.co.jp/2016/006107.html http://jvn.jp/en/jp/JVN69278491/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-7797`	vulnerable	2026-06-03 14:35:09.949291	Details available Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-06T07:58:59.893Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026 https://cs.cybozu.co.jp/2015/006072.html https://cs.cybozu.co.jp/2015/006087.html https://cs.cybozu.co.jp/2016/006107.html http://jvn.jp/en/jp/JVN69278491/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-7796`	vulnerable	2026-06-03 14:35:09.948618	Details available Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-06T07:59:00.384Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026 https://cs.cybozu.co.jp/2015/006072.html https://cs.cybozu.co.jp/2015/006087.html https://cs.cybozu.co.jp/2016/006107.html http://jvn.jp/en/jp/JVN69278491/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-7795`	vulnerable	2026-06-03 14:35:09.942066	Details available Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-06T07:58:59.980Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026 https://cs.cybozu.co.jp/2015/006072.html https://cs.cybozu.co.jp/2015/006087.html https://cs.cybozu.co.jp/2016/006107.html http://jvn.jp/en/jp/JVN69278491/index.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.