Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Garoon
(Cybozu)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 192 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2013-12-05 | CVE-2013-6905 | Cross-site scripting (XSS) vulnerability in a phone component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Garoon | N/A | ||
| 2013-12-05 | CVE-2013-6911 | Cross-site scripting (XSS) vulnerability in the bulletin-board component in Cybozu Garoon before 3.7.2, when Internet Explorer or Firefox is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | Garoon | N/A | ||
| 2013-12-05 | CVE-2013-6913 | Cross-site scripting (XSS) vulnerability in a search component in Cybozu Garoon before 3.7.2, when Internet Explorer is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | Garoon | N/A | ||
| 2019-01-09 | CVE-2018-16178 | Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access restriction to view information available only for a sign-on user via Single sign-on function. | Garoon | 7.5 | ||
| 2017-07-07 | CVE-2017-2144 | Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page. | Garoon | 5.4 | ||
| 2017-04-28 | CVE-2017-2095 | Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors. | Garoon | 4.3 | ||
| 2017-04-28 | CVE-2017-2094 | Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors. | Garoon | 4.3 | ||
| 2017-04-28 | CVE-2017-2091 | Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors. | Garoon | 4.3 | ||
| 2019-09-12 | CVE-2019-5991 | SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | Garoon | N/A | ||
| 2019-09-12 | CVE-2019-5978 | Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application 'Scheduler'. | Garoon | N/A |