Vulnerabilities > Cybozu > Garoon > 2.5.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-04-20 | CVE-2016-1220 | Improper Access Control vulnerability in Cybozu Garoon Cybozu Garoon before 4.2.2 does not properly restrict access. | 4.3 |
2017-04-20 | CVE-2016-1218 | SQL Injection vulnerability in Cybozu Garoon SQL injection vulnerability in Cybozu Garoon before 4.2.2. | 8.8 |
2017-04-20 | CVE-2016-1217 | Cross-site Scripting vulnerability in Cybozu Garoon Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2. | 6.1 |
2017-04-20 | CVE-2016-1216 | Cross-site Scripting vulnerability in Cybozu Garoon Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2. | 6.1 |
2017-04-20 | CVE-2016-1215 | Cross-site Scripting vulnerability in Cybozu Garoon Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2. | 6.1 |
2017-04-20 | CVE-2016-1214 | Cross-site Scripting vulnerability in Cybozu Garoon Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2. | 6.1 |
2017-04-20 | CVE-2016-1213 | Open Redirect vulnerability in Cybozu Garoon The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites. | 6.1 |
2017-04-20 | CVE-2016-1219 | Improper Authentication vulnerability in Cybozu Garoon Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use. | 9.8 |