Vulnerabilities > Cybozu > Office > 10.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-17 | CVE-2016-4869 | Information Exposure vulnerability in Cybozu Office Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed. | 6.5 |
| 2017-04-17 | CVE-2016-4868 | Improper Input Validation vulnerability in Cybozu Office Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests. | 4.3 |
| 2017-04-17 | CVE-2016-4867 | Information Exposure vulnerability in Cybozu Office Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function. | 4.3 |
| 2017-04-17 | CVE-2016-4866 | Cross-site Scripting vulnerability in Cybozu Office Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function. | 4.8 |
| 2017-04-17 | CVE-2016-4865 | Cross-site Scripting vulnerability in Cybozu Office Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function. | 4.8 |
| 2016-02-17 | CVE-2016-1152 | Permissions, Privileges, and Access Controls vulnerability in Cybozu Office Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions, and read or write to plan data, via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2015-8486. | 5.4 |
| 2016-02-17 | CVE-2016-1151 | Cross-Site Request Forgery (CSRF) vulnerability in Cybozu Office Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users. | 8.8 |
| 2016-02-17 | CVE-2016-1150 | Cross-site Scripting vulnerability in Cybozu Office Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1149. | 6.1 |
| 2016-02-17 | CVE-2016-1149 | Cross-site Scripting vulnerability in Cybozu Office Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1150. | 6.1 |
| 2016-02-17 | CVE-2015-8489 | Improper Input Validation vulnerability in Cybozu Office customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service (excessive database locking) via a crafted CSV file, a different vulnerability than CVE-2016-1153. | 6.5 |