Vulnerabilities > Cybozu
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-20 | CVE-2016-1215 | Cross-site Scripting vulnerability in Cybozu Garoon Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2. | 4.3 |
| 2017-04-20 | CVE-2016-1214 | Cross-site Scripting vulnerability in Cybozu Garoon Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2. | 4.3 |
| 2017-04-20 | CVE-2016-1213 | Open Redirect vulnerability in Cybozu Garoon The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites. | 5.8 |
| 2017-04-20 | CVE-2016-1219 | Improper Authentication vulnerability in Cybozu Garoon Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use. | 7.5 |
| 2017-04-17 | CVE-2016-4874 | Improper Access Control vulnerability in Cybozu Office Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack. | 3.5 |
| 2017-04-17 | CVE-2016-4873 | Permission Issues vulnerability in Cybozu Office Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function. | 4.0 |
| 2017-04-17 | CVE-2016-4872 | Information Exposure vulnerability in Cybozu Office Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail. | 4.0 |
| 2017-04-17 | CVE-2016-4871 | Resource Management Errors vulnerability in Cybozu Office Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service. | 6.8 |
| 2017-04-17 | CVE-2016-4870 | Cross-site Scripting vulnerability in Cybozu Office Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function. | 3.5 |
| 2017-04-17 | CVE-2016-4869 | Information Exposure vulnerability in Cybozu Office Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed. | 4.3 |