Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page.
CVSS Score
5.4
EPSS Score
0.003
Published
2017-07-07
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu.
CVSS Score
4.8
EPSS Score
0.002
Published
2017-07-07
The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites.
CVSS Score
6.1
EPSS Score
0.004
Published
2017-04-20
Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2.
CVSS Score
6.1
EPSS Score
0.004
Published
2017-04-20
Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-04-20
Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-04-20
Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-04-20
SQL injection vulnerability in Cybozu Garoon before 4.2.2.
CVSS Score
8.8
EPSS Score
0.01
Published
2017-04-20
Cybozu Garoon before 4.2.2 does not properly restrict access.
CVSS Score
4.3
EPSS Score
0.002
Published
2017-04-20
Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use.
CVSS Score
9.8
EPSS Score
0.039
Published
2017-04-20