Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-04-20
Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-04-20
Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-04-20
SQL injection vulnerability in Cybozu Garoon before 4.2.2.
CVSS Score
8.8
EPSS Score
0.01
Published
2017-04-20
Cybozu Garoon before 4.2.2 does not properly restrict access.
CVSS Score
4.3
EPSS Score
0.002
Published
2017-04-20
Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use.
CVSS Score
9.8
EPSS Score
0.039
Published
2017-04-20
Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors.
CVSS Score
6.5
EPSS Score
0.002
Published
2016-06-25
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors.
CVSS Score
8.1
EPSS Score
0.002
Published
2016-06-25
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors.
CVSS Score
6.5
EPSS Score
0.002
Published
2016-06-25
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776.
CVSS Score
4.3
EPSS Score
0.002
Published
2016-06-19