GCVE - cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:cybozu:office:10.3.0:*:*:*:*:*:*:*

part: a version: 10.3.0 update: *

Vendor	Cybozu (`6c3c6c19-80d3-5353-ad46-e08ec1369448`)
Product	Office (`3e47509a-1a03-5002-929e-9c2c66c074a0`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-2116`	vulnerable	2026-06-03 14:37:06.691229	Details available Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors. Published: 2017-04-28T16:00:00.000Z Updated: 2024-08-05T13:39:32.279Z Open on db.gcve.eu Reference links http://jvn.jp/en/jp/JVN17535578/index.html http://www.securityfocus.com/bid/97717 https://support.cybozu.com/ja-jp/article/9736	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-2115`	vulnerable	2026-06-03 14:37:06.690642	Details available Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors. Published: 2017-04-28T16:00:00.000Z Updated: 2024-08-05T13:39:32.370Z Open on db.gcve.eu Reference links http://jvn.jp/en/jp/JVN17535578/index.html https://support.cybozu.com/ja-jp/article/9737 http://www.securityfocus.com/bid/97717	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-2114`	vulnerable	2026-06-03 14:37:06.687047	Details available Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Published: 2017-04-28T16:00:00.000Z Updated: 2024-08-05T13:39:32.252Z Open on db.gcve.eu Reference links http://jvn.jp/en/jp/JVN17535578/index.html http://www.securityfocus.com/bid/97717 https://support.cybozu.com/ja-jp/article/9738	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-10857`	vulnerable	2026-06-03 14:36:27.245654	Details available Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function. Published: 2017-10-12T14:00:00.000Z Updated: 2024-08-05T17:50:12.589Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9811 http://jvn.jp/en/jp/JVN14658424/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4874`	vulnerable	2026-06-03 14:35:53.648678	Details available Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack. Published: 2017-04-17T15:00:00.000Z Updated: 2024-08-06T00:46:38.544Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000193.html https://support.cybozu.com/ja-jp/article/9434 http://jvn.jp/en/jp/JVN11288252/index.html http://www.securityfocus.com/bid/97719	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4873`	vulnerable	2026-06-03 14:35:53.648044	Details available Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function. Published: 2017-04-17T15:00:00.000Z Updated: 2024-08-06T00:46:38.532Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9442 http://www.securityfocus.com/bid/93461 http://jvn.jp/en/jp/JVN07148816/index.html http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000189.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4872`	vulnerable	2026-06-03 14:35:53.647396	Details available Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail. Published: 2017-04-17T15:00:00.000Z Updated: 2024-08-06T00:46:38.546Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9424 http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000188.html http://www.securityfocus.com/bid/93461 http://jvn.jp/en/jp/JVN07148816/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4871`	vulnerable	2026-06-03 14:35:53.646667	Details available Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service. Published: 2017-04-17T15:00:00.000Z Updated: 2024-08-06T00:46:39.435Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/97716 https://support.cybozu.com/ja-jp/article/9426 http://jvn.jp/en/jp/JVN10092452/index.html http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000192.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4870`	vulnerable	2026-06-03 14:35:53.646029	Details available Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function. Published: 2017-04-17T15:00:00.000Z Updated: 2024-08-06T00:46:39.227Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/93281 https://support.cybozu.com/ja-jp/article/9427 http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000186.html http://jvn.jp/en/jp/JVN06726266/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4869`	vulnerable	2026-06-03 14:35:53.645386	Details available Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed. Published: 2017-04-17T15:00:00.000Z Updated: 2024-08-06T00:46:38.556Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/97715 http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000191.html http://jvn.jp/en/jp/JVN09736331/index.html https://support.cybozu.com/ja-jp/article/9428	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4868`	vulnerable	2026-06-03 14:35:53.644713	Details available Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests. Published: 2017-04-17T15:00:00.000Z Updated: 2024-08-06T00:46:38.547Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9433 http://www.securityfocus.com/bid/97713 http://jvn.jp/en/jp/JVN08736331/index.html http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000190.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4867`	vulnerable	2026-06-03 14:35:53.643949	Details available Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function. Published: 2017-04-17T15:00:00.000Z Updated: 2024-08-06T00:46:38.555Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000187.html http://www.securityfocus.com/bid/93461 http://jvn.jp/en/jp/JVN07148816/index.html https://support.cybozu.com/ja-jp/article/9429	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4866`	vulnerable	2026-06-03 14:35:53.643268	Details available Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function. Published: 2017-04-17T15:00:00.000Z Updated: 2024-08-06T00:46:38.521Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000185.html http://www.securityfocus.com/bid/93281 https://support.cybozu.com/ja-jp/article/9431 http://jvn.jp/en/jp/JVN06726266/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4865`	vulnerable	2026-06-03 14:35:53.641667	Details available Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function. Published: 2017-04-17T15:00:00.000Z Updated: 2024-08-06T00:46:38.546Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9430 http://www.securityfocus.com/bid/93281 http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000184.html http://jvn.jp/en/jp/JVN06726266/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-1153`	vulnerable	2026-06-03 14:35:30.761345	Details available customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service via unspecified vectors, a different vulnerability than CVE-2015-8489. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-05T22:48:13.372Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2016-000020 http://jvn.jp/en/jp/JVN20246313/index.html https://cs.cybozu.co.jp/2016/006108.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-1152`	vulnerable	2026-06-03 14:35:30.761010	Details available Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions, and read or write to plan data, via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2015-8486. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-05T22:48:13.336Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2016-000023 http://jvn.jp/en/jp/JVN48720230/index.html https://cs.cybozu.co.jp/2015/006076.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-1151`	vulnerable	2026-06-03 14:35:30.760551	Details available Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-05T22:48:13.498Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2016-000024 https://cs.cybozu.co.jp/2016/006111.html http://jvn.jp/en/jp/JVN64209269/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-1150`	vulnerable	2026-06-03 14:35:30.760056	Details available Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1149. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-05T22:48:13.005Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026 https://cs.cybozu.co.jp/2015/006072.html https://cs.cybozu.co.jp/2015/006087.html https://cs.cybozu.co.jp/2016/006107.html http://jvn.jp/en/jp/JVN69278491/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-1149`	vulnerable	2026-06-03 14:35:30.759273	Details available Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1150. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-05T22:48:12.977Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026 https://cs.cybozu.co.jp/2015/006072.html https://cs.cybozu.co.jp/2015/006087.html https://cs.cybozu.co.jp/2016/006107.html http://jvn.jp/en/jp/JVN69278491/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-8489`	vulnerable	2026-06-03 14:35:12.077898	Details available customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service (excessive database locking) via a crafted CSV file, a different vulnerability than CVE-2016-1153. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-06T08:20:42.463Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2016-000020 http://jvn.jp/en/jp/JVN20246313/index.html https://cs.cybozu.co.jp/2015/006073.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-8488`	vulnerable	2026-06-03 14:35:12.077339	Details available Cybozu Office 10.3.0 allows remote attackers to read image files via a crafted e-mail message, a different vulnerability than CVE-2015-8487. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-06T08:20:42.444Z Open on db.gcve.eu Reference links https://cs.cybozu.co.jp/2015/006075.html http://jvn.jp/en/jp/JVN28042424/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000021	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-8487`	vulnerable	2026-06-03 14:35:12.077022	Details available Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerability than CVE-2015-8488. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-06T08:20:42.428Z Open on db.gcve.eu Reference links http://jvn.jp/en/jp/JVN47296923/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000022 https://cs.cybozu.co.jp/2015/006071.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-8486`	vulnerable	2026-06-03 14:35:12.076436	Details available Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary report titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2016-1152. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-06T08:20:42.523Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2016-000023 http://jvn.jp/en/jp/JVN48720230/index.html https://cs.cybozu.co.jp/2015/006074.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-8485`	vulnerable	2026-06-03 14:35:12.075980	Details available Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary posting titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8486, and CVE-2016-1152. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-06T08:20:42.516Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2016-000023 https://cs.cybozu.co.jp/2015/006077.html http://jvn.jp/en/jp/JVN48720230/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-8484`	vulnerable	2026-06-03 14:35:12.075518	Details available Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended calendar-viewing restrictions via unspecified vectors, a different vulnerability than CVE-2015-8485, CVE-2015-8486, and CVE-2016-1152. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-06T08:20:41.753Z Open on db.gcve.eu Reference links https://cs.cybozu.co.jp/2016/006110.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000023 http://jvn.jp/en/jp/JVN48720230/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-8483`	vulnerable	2026-06-03 14:35:12.075030	Details available Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-06T08:20:42.424Z Open on db.gcve.eu Reference links http://jvn.jp/en/jp/JVN71428831/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000025 https://cs.cybozu.co.jp/2015/006088.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-7798`	vulnerable	2026-06-03 14:35:09.950145	Details available Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2016-1149, and CVE-2016-1150. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-06T07:58:59.914Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026 https://cs.cybozu.co.jp/2015/006072.html https://cs.cybozu.co.jp/2015/006087.html https://cs.cybozu.co.jp/2016/006107.html http://jvn.jp/en/jp/JVN69278491/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-7797`	vulnerable	2026-06-03 14:35:09.949486	Details available Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-06T07:58:59.893Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026 https://cs.cybozu.co.jp/2015/006072.html https://cs.cybozu.co.jp/2015/006087.html https://cs.cybozu.co.jp/2016/006107.html http://jvn.jp/en/jp/JVN69278491/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-7796`	vulnerable	2026-06-03 14:35:09.948821	Details available Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-06T07:59:00.384Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026 https://cs.cybozu.co.jp/2015/006072.html https://cs.cybozu.co.jp/2015/006087.html https://cs.cybozu.co.jp/2016/006107.html http://jvn.jp/en/jp/JVN69278491/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-7795`	vulnerable	2026-06-03 14:35:09.948038	Details available Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-06T07:58:59.980Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026 https://cs.cybozu.co.jp/2015/006072.html https://cs.cybozu.co.jp/2015/006087.html https://cs.cybozu.co.jp/2016/006107.html http://jvn.jp/en/jp/JVN69278491/index.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Cybozu Office 10.3.0

PURL mappings

Vulnerability references

Contribute