GCVE - cpe:2.3:a:cybozu:garoon:4.2.3:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:cybozu:garoon:4.2.3:*:*:*:*:*:*:*

part: a version: 4.2.3 update: *

Vendor	Cybozu (`6c3c6c19-80d3-5353-ad46-e08ec1369448`)
Product	Garoon (`d176de44-7896-57c4-9c0a-d58b65def00b`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-2257`	vulnerable	2026-06-03 14:37:07.100466	Details available Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function. Published: 2017-08-28T20:00:00.000Z Updated: 2024-08-05T13:48:05.086Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9765 https://jvn.jp/en/jp/JVN63564682/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-2256`	vulnerable	2026-06-03 14:37:07.099460	Details available Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Memo". Published: 2017-08-28T20:00:00.000Z Updated: 2024-08-05T13:48:05.058Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9744 https://jvn.jp/en/jp/JVN63564682/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-2255`	vulnerable	2026-06-03 14:37:07.098432	Details available Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Space". Published: 2017-08-28T20:00:00.000Z Updated: 2024-08-05T13:48:04.391Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9746 https://jvn.jp/en/jp/JVN63564682/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-2254`	vulnerable	2026-06-03 14:37:07.094763	Details available Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input Published: 2017-08-28T20:00:00.000Z Updated: 2024-08-05T13:48:05.059Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9751 https://jvn.jp/en/jp/JVN63564682/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-2146`	vulnerable	2026-06-03 14:37:06.756588	Details available Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu. Published: 2017-07-07T13:00:00.000Z Updated: 2024-08-05T13:48:05.030Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9702 http://jvn.jp/en/jp/JVN43534286/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-2145`	vulnerable	2026-06-03 14:37:06.749633	Details available Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors. Published: 2017-07-07T13:00:00.000Z Updated: 2024-08-05T13:48:03.543Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9695 http://jvn.jp/en/jp/JVN43534286/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-2095`	vulnerable	2026-06-03 14:37:06.611817	Details available Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors. Published: 2017-04-28T16:00:00.000Z Updated: 2024-08-05T13:39:32.320Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9660 http://jvn.jp/en/jp/JVN73182875/index.html http://www.securityfocus.com/bid/96429	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-2094`	vulnerable	2026-06-03 14:37:06.610732	Details available Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors. Published: 2017-04-28T16:00:00.000Z Updated: 2024-08-05T13:39:32.317Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9655 http://jvn.jp/en/jp/JVN73182875/index.html http://www.securityfocus.com/bid/96429	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-2093`	vulnerable	2026-06-03 14:37:06.609826	Details available Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors. Published: 2017-04-28T16:00:00.000Z Updated: 2024-08-05T13:39:32.363Z Open on db.gcve.eu Reference links http://jvn.jp/en/jp/JVN73182875/index.html https://support.cybozu.com/ja-jp/article/9647 http://www.securityfocus.com/bid/96429	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-2092`	vulnerable	2026-06-03 14:37:06.608216	Details available Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Published: 2017-04-28T16:00:00.000Z Updated: 2024-08-05T13:39:32.334Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9555 http://jvn.jp/en/jp/JVN73182875/index.html http://www.securityfocus.com/bid/96429	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-2091`	vulnerable	2026-06-03 14:37:06.607076	Details available Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors. Published: 2017-04-28T16:00:00.000Z Updated: 2024-08-05T13:39:32.243Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9570 http://jvn.jp/en/jp/JVN73182875/index.html http://www.securityfocus.com/bid/96429	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.