Vulnerabilities > Cybozu > Garoon > 4.10

DATE CVE VULNERABILITY TITLE RISK
2021-08-18 CVE-2021-20766 Cross-site Scripting vulnerability in Cybozu Garoon
Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.
network
cybozu CWE-79
4.3
4.3
2021-08-18 CVE-2021-20767 Cross-site Scripting vulnerability in Cybozu Garoon
Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
network
cybozu CWE-79
3.5
3.5
2021-08-18 CVE-2021-20768 Unspecified vulnerability in Cybozu Garoon
Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to delete the data of Scheduler and MultiReport without the appropriate privilege.
network
low complexity
cybozu
4.0
4.0
2021-08-18 CVE-2021-20769 Cross-site Scripting vulnerability in Cybozu Garoon
Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
network
cybozu CWE-79
3.5
3.5
2021-08-18 CVE-2021-20770 Cross-site Scripting vulnerability in Cybozu Garoon
Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
network
cybozu CWE-79
3.5
3.5
2021-08-18 CVE-2021-20771 Cross-site Scripting vulnerability in Cybozu Garoon
Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors.
network
low complexity
cybozu CWE-79
6.1
6.1
2021-08-18 CVE-2021-20773 Unspecified vulnerability in Cybozu Garoon
There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated attacker to delete the route information Workflow without the appropriate privilege.
network
low complexity
cybozu
4.0
4.0
2021-08-18 CVE-2021-20774 Cross-site Scripting vulnerability in Cybozu Garoon
Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
network
cybozu CWE-79
3.5
3.5
2020-06-30 CVE-2020-5587 Information Exposure vulnerability in Cybozu Garoon
Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to obtain unintended information via unspecified vectors.
network
low complexity
cybozu CWE-200
4.0
4.0
2020-06-30 CVE-2020-5584 Information Exposure vulnerability in Cybozu Garoon
Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors.
network
low complexity
cybozu CWE-200
5.0
5.0