Vulnerabilities > Cybozu > Garoon > 3.0.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-28 | CVE-2017-2093 | Information Exposure vulnerability in Cybozu Garoon Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors. | 4.3 |
| 2017-04-28 | CVE-2017-2092 | Cross-site Scripting vulnerability in Cybozu Garoon Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2017-04-28 | CVE-2017-2091 | Unspecified vulnerability in Cybozu Garoon Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors. | 4.3 |
| 2017-04-20 | CVE-2016-1220 | Improper Access Control vulnerability in Cybozu Garoon Cybozu Garoon before 4.2.2 does not properly restrict access. | 4.3 |
| 2017-04-20 | CVE-2016-1218 | SQL Injection vulnerability in Cybozu Garoon SQL injection vulnerability in Cybozu Garoon before 4.2.2. | 8.8 |
| 2017-04-20 | CVE-2016-1217 | Cross-site Scripting vulnerability in Cybozu Garoon Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2. | 6.1 |
| 2017-04-20 | CVE-2016-1216 | Cross-site Scripting vulnerability in Cybozu Garoon Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2. | 6.1 |
| 2017-04-20 | CVE-2016-1215 | Cross-site Scripting vulnerability in Cybozu Garoon Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2. | 6.1 |
| 2017-04-20 | CVE-2016-1214 | Cross-site Scripting vulnerability in Cybozu Garoon Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2. | 6.1 |
| 2017-04-20 | CVE-2016-1213 | Open Redirect vulnerability in Cybozu Garoon The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites. | 6.1 |