Vulnerabilities > Cybozu > Garoon > 3.1

DATE CVE VULNERABILITY TITLE RISK
2017-04-20 CVE-2016-1215 Cross-site Scripting vulnerability in Cybozu Garoon
Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2.
network
low complexity
cybozu CWE-79
6.1
6.1
2017-04-20 CVE-2016-1214 Cross-site Scripting vulnerability in Cybozu Garoon
Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2.
network
low complexity
cybozu CWE-79
6.1
6.1
2017-04-20 CVE-2016-1213 Open Redirect vulnerability in Cybozu Garoon
The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites.
network
low complexity
cybozu CWE-601
6.1
6.1
2017-04-20 CVE-2016-1219 Improper Authentication vulnerability in Cybozu Garoon
Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use.
network
low complexity
cybozu CWE-287
critical
 9.8
9.8