Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2017-04-20	CVE-2016-1214	Cross-site Scripting vulnerability in Cybozu Garoon Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2. network low complexity cybozu CWE-79	6.1
2017-04-20	CVE-2016-1213	Open Redirect vulnerability in Cybozu Garoon The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites. network low complexity cybozu CWE-601	6.1
2016-06-25	CVE-2016-1190	Improper Access Control vulnerability in Cybozu Garoon Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors. network low complexity cybozu CWE-284	6.5
2016-06-25	CVE-2016-1188	Unspecified vulnerability in Cybozu Garoon Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors. network low complexity cybozu	6.5
2016-06-19	CVE-2016-1196	Information Exposure vulnerability in Cybozu Garoon Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776. network low complexity cybozu CWE-200	4.3
2016-06-19	CVE-2016-1192	Information Exposure vulnerability in Cybozu Garoon Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors. network low complexity cybozu CWE-200	4.3
2016-06-19	CVE-2016-1191	Path Traversal vulnerability in Cybozu Garoon Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors. network low complexity cybozu CWE-22	5.3
2016-06-19	CVE-2015-7776	Information Exposure vulnerability in Cybozu Garoon Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196. network low complexity cybozu CWE-200	4.3
2016-06-19	CVE-2016-1197	Cross-site Scripting vulnerability in Cybozu Garoon Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7775. network low complexity cybozu CWE-79	6.1
2016-06-19	CVE-2015-7775	Cross-site Scripting vulnerability in Cybozu Garoon 4.0.3 Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-1197. network low complexity cybozu CWE-79	5.4