Vulnerabilities > Cybozu > Office > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-26 | CVE-2018-0528 | Information Exposure vulnerability in Cybozu Office Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors. | 4.3 |
| 2018-06-26 | CVE-2018-0527 | Cross-site Scripting vulnerability in Cybozu Office Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2018-06-26 | CVE-2018-0526 | Information Exposure vulnerability in Cybozu Office Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors. | 4.3 |
| 2017-10-12 | CVE-2017-10857 | Improper Privilege Management vulnerability in Cybozu Office Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function. | 4.3 |
| 2017-04-28 | CVE-2017-2116 | Unspecified vulnerability in Cybozu Office Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors. | 4.3 |
| 2017-04-28 | CVE-2017-2115 | Incorrect Permission Assignment for Critical Resource vulnerability in Cybozu Office Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors. | 4.3 |
| 2017-04-28 | CVE-2017-2114 | Cross-site Scripting vulnerability in Cybozu Office Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2017-04-17 | CVE-2016-4873 | Permission Issues vulnerability in Cybozu Office Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function. | 4.3 |
| 2017-04-17 | CVE-2016-4872 | Information Exposure vulnerability in Cybozu Office Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail. | 4.3 |
| 2017-04-17 | CVE-2016-4871 | Resource Management Errors vulnerability in Cybozu Office Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service. | 6.5 |