Cybozu Office before 8.0.0 allows remote authenticated users to bypass intended access restrictions and access sensitive information (time card and attendance) via unspecified vectors related to manipulation of a URL.
CVSS Score
5.5
EPSS Score
0.003
Published
2011-10-21
Cross-site scripting (XSS) vulnerability in Cybozu Office 6, 7, and 8 before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "address book and user list functions."
CVSS Score
4.3
EPSS Score
0.005
Published
2011-06-29
Cross-site scripting (XSS) vulnerability in Cybozu Office 6 and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from the bulletin board system."
CVSS Score
4.3
EPSS Score
0.005
Published
2011-06-29
Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from the mail system."
CVSS Score
4.3
EPSS Score
0.005
Published
2011-06-29