Shodan
Vulnerabilities
Vulnerable Software
Cybozu:  >> Garoon  Security Vulnerabilities
CVE-2026-20711
Cross-site scripting vulnerability exists in E-mail function of Cybozu Garoon 5.0.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-02-02
CVE-2026-22881
Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.
CVSS Score
5.7
EPSS Score
0.0
Published
2026-02-02
CVE-2026-22888
Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product.
CVSS Score
4.9
EPSS Score
0.0
Published
2026-02-02
CVE-2024-39457
Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user’s web browser.
CVSS Score
5.4
EPSS Score
0.008
Published
2024-07-19
CVE-2024-31397
Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product with the administrative privilege may be able to cause a denial-of-service (DoS) condition.
CVSS Score
4.9
EPSS Score
0.001
Published
2024-06-11
CVE-2024-31398
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users.
CVSS Score
4.3
EPSS Score
0.005
Published
2024-06-11
CVE-2024-31399
Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-06-11
CVE-2024-31402
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos.
CVSS Score
4.3
EPSS Score
0.004
Published
2024-06-11
CVE-2024-31400
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail.
CVSS Score
6.5
EPSS Score
0.005
Published
2024-06-11
CVE-2024-31401
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product.
CVSS Score
9.0
EPSS Score
0.035
Published
2024-06-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved