Cybozu Garoon 4.0.3

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function.

Published: 2017-08-28T20:00:00.000Z
Updated: 2024-08-05T13:48:05.086Z

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Memo".

Published: 2017-08-28T20:00:00.000Z
Updated: 2024-08-05T13:48:05.058Z

Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Space".

Published: 2017-08-28T20:00:00.000Z
Updated: 2024-08-05T13:48:04.391Z

Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input

Published: 2017-08-28T20:00:00.000Z
Updated: 2024-08-05T13:48:05.059Z

Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors.

Published: 2017-07-07T13:00:00.000Z
Updated: 2024-08-05T13:48:03.543Z

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors.

Published: 2017-04-28T16:00:00.000Z
Updated: 2024-08-05T13:39:32.320Z

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors.

Published: 2017-04-28T16:00:00.000Z
Updated: 2024-08-05T13:39:32.317Z

Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors.

Published: 2017-04-28T16:00:00.000Z
Updated: 2024-08-05T13:39:32.363Z

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: 2017-04-28T16:00:00.000Z
Updated: 2024-08-05T13:39:32.334Z

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.

Published: 2017-04-28T16:00:00.000Z
Updated: 2024-08-05T13:39:32.243Z

SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function.

Published: 2017-06-09T16:00:00.000Z
Updated: 2024-08-06T02:04:56.031Z

Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors.

Published: 2017-06-09T16:00:00.000Z
Updated: 2024-08-06T02:04:56.075Z

Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors.

Published: 2017-06-09T16:00:00.000Z
Updated: 2024-08-06T02:04:56.026Z

Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors.

Published: 2017-06-09T16:00:00.000Z
Updated: 2024-08-06T00:46:39.235Z

Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors.

Published: 2017-06-09T16:00:00.000Z
Updated: 2024-08-06T00:46:39.803Z

Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors.

Published: 2017-06-09T16:00:00.000Z
Updated: 2024-08-06T00:46:39.909Z

Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.

Published: 2017-06-09T16:00:00.000Z
Updated: 2024-08-06T00:46:39.385Z

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai.

Published: 2017-06-09T16:00:00.000Z
Updated: 2024-08-06T00:46:39.522Z

Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7775.

Published: 2016-06-19T15:00:00.000Z
Updated: 2024-08-05T22:48:13.539Z

Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776.

Published: 2016-06-19T20:00:00.000Z
Updated: 2024-08-05T22:48:13.483Z

Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.

Published: 2016-06-19T15:00:00.000Z
Updated: 2024-08-05T22:48:13.488Z

Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors.

Published: 2016-06-25T21:00:00.000Z
Updated: 2024-08-05T22:48:13.499Z

Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors.

Published: 2016-06-19T20:00:00.000Z
Updated: 2024-08-05T22:48:13.555Z

Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors.

Published: 2016-06-19T20:00:00.000Z
Updated: 2024-08-05T22:48:13.542Z

Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors.

Published: 2016-06-25T21:00:00.000Z
Updated: 2024-08-05T22:48:13.496Z

Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors.

Published: 2016-06-25T21:00:00.000Z
Updated: 2024-08-05T22:48:13.489Z

Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors.

Published: 2016-06-25T21:00:00.000Z
Updated: 2024-08-05T22:48:13.490Z

Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196.

Published: 2016-06-19T20:00:00.000Z
Updated: 2024-08-06T07:58:59.965Z

Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-1197.

Published: 2016-06-19T15:00:00.000Z
Updated: 2024-08-06T07:58:59.991Z

Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended login restrictions or obtain sensitive information, by leveraging certain group-administration privileges.

Published: 2015-10-08T20:00:00.000Z
Updated: 2024-08-06T06:59:03.498Z

The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866.

Published: 2015-10-12T10:00:00.000Z
Updated: 2024-08-06T06:59:04.038Z

Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867.

Published: 2015-10-12T10:00:00.000Z
Updated: 2024-08-06T06:59:04.338Z