Every CVE whose affected-product data names Cybozu Garoon, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (198)
CVE-2014-1987 — CVSS 10.0 (critical): The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2016-1219 — CVSS 9.8 (critical): Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use.
CVE-2019-5945 — CVSS 9.8 (critical): Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the users' credential information via the authentication of Cybozu Garoon.
CVE-2024-31401 — CVSS 9.0 (critical): Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege…
CVE-2016-4907 — CVSS 8.8 (high): Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.
CVE-2016-7803 — CVSS 8.8 (high): SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via…
CVE-2018-0530 — CVSS 8.8 (high): SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via…
CVE-2018-0607 — CVSS 8.8 (high): SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to…
CVE-2019-5931 — CVSS 8.7 (high): Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter the information with privileges invoking the installer via unspecified…
CVE-2015-5646 — CVSS 8.5 (high): Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified…
CVE-2015-5647 — CVSS 8.5 (high): The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary…
CVE-2016-1189 — CVSS 8.1 (high): Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying…
CVE-2018-0673 — CVSS 8.1 (high): Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified…
CVE-2022-30602 — CVSS 8.1 (high): Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the…
CVE-2020-5580 — CVSS 8.1 (high): Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on…
CVE-2022-29484 — CVSS 8.1 (high): Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the…
CVE-2021-20758 — CVSS 8.0 (high): Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack…
CVE-2019-5991 — CVSS 7.6 (high): SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands…
CVE-2016-1193 — CVSS 7.5 (high): Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors.
CVE-2018-16178 — CVSS 7.5 (high): Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access restriction to view information available only for a sign-on user…
CVE-2014-1996 — CVSS 7.5 (high): Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause…
CVE-2020-5567 — CVSS 7.5 (high): Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in Application Menu.
CVE-2020-5584 — CVSS 7.5 (high): Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors.
CVE-2026-22888 — CVSS 7.5 (high): Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings…
CVE-2016-1195 — CVSS 7.4 (high): Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and…
CVE-2019-5934 — CVSS 7.2 (high): SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allows attacker with administrator rights to execute arbitrary SQL…
CVE-2015-5649 — CVSS 7.0 (high): Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to…
CVE-2013-6004 — CVSS 6.8 (medium): Session fixation vulnerability in Cybozu Garoon before 3.7.2 allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2008-6569 — CVSS 6.8 (medium): Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack web sessions via the session ID in…
CVE-2022-29892 — CVSS 6.5 (medium): Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly…
CVE-2023-26595 — CVSS 6.5 (medium): Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial…
CVE-2006-4444 — CVSS 6.5 (medium): Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Windows allow remote authenticated users to execute arbitrary SQL…
CVE-2016-1188 — CVSS 6.5 (medium): Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors.
CVE-2024-31400 — CVSS 6.5 (medium): Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited…
CVE-2022-29512 — CVSS 6.5 (medium): Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote…
CVE-2016-1190 — CVSS 6.5 (medium): Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified…
CVE-2013-6929 — CVSS 6.5 (medium): SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via…
CVE-2024-31399 — CVSS 6.5 (medium): Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited…
CVE-2016-7802 — CVSS 6.5 (medium): Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via…
CVE-2013-6001 — CVSS 6.5 (medium): SQL injection vulnerability in the Space function in Cybozu Garoon before 3.7 SP1 allows remote authenticated users to execute arbitrary…
CVE-2014-0821 — CVSS 6.5 (medium): SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated…
CVE-2020-5581 — CVSS 6.5 (medium): Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to obtain unintended information via…
CVE-2020-5583 — CVSS 6.5 (medium): Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to obtain unauthorized Multi-Report's data…
CVE-2020-5587 — CVSS 6.5 (medium): Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to obtain unintended information via unspecified vectors.
CVE-2013-6931 — CVSS 6.5 (medium): SQL injection vulnerability in the API in Cybozu Garoon 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL…
CVE-2020-5643 — CVSS 6.5 (medium): Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 allows a remote authenticated attacker to delete some data of the…
CVE-2013-6930 — CVSS 6.5 (medium): SQL injection vulnerability in the page-navigation implementation in Cybozu Garoon 2.0.0 through 2.0.6, 2.1.0 through 2.1.3, 2.5.0 through…
CVE-2019-5940 — CVSS 6.1 (medium): Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the…
CVE-2019-5946 — CVSS 6.1 (medium): Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct…
CVE-2019-5978 — CVSS 6.1 (medium): Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct…
CVE-2020-5564 — CVSS 6.1 (medium): Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the…
CVE-2020-5568 — CVSS 6.1 (medium): Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 allows remote attackers to inject arbitrary web script or HTML via the…
CVE-2021-20765 — CVSS 6.1 (medium): Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via…
CVE-2021-20766 — CVSS 6.1 (medium): Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via…
CVE-2021-20771 — CVSS 6.1 (medium): Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an…
CVE-2016-1197 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script or HTML…
CVE-2022-27627 — CVSS 6.1 (medium): Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an…
CVE-2016-1213 — CVSS 6.1 (medium): The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites.
CVE-2016-1214 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2.
CVE-2016-1215 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2.
CVE-2016-1216 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2.
CVE-2016-1217 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2.
CVE-2016-4906 — CVSS 6.1 (medium): Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via…
CVE-2026-20711 — CVSS 6.1 (medium): Cross-site scripting vulnerability exists in E-mail function of Cybozu Garoon 5.0.0 to 6.0.3, which may allow an attacker to reset…
CVE-2017-2257 — CVSS 6.1 (medium): Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail…
CVE-2019-5928 — CVSS 6.1 (medium): Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via…
CVE-2019-5929 — CVSS 6.1 (medium): Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the…
CVE-2019-5938 — CVSS 6.1 (medium): Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the…
CVE-2019-5939 — CVSS 6.1 (medium): Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the…
CVE-2014-1989 — CVSS 6.0 (medium): Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to bypass intended access restrictions and delete schedule information…
CVE-2013-0701 — CVSS 6.0 (medium): SQL injection vulnerability in Cybozu Garoon 2.5.0 through 3.5.3 allows remote authenticated users to execute arbitrary SQL commands by…
CVE-2013-6006 — CVSS 5.8 (medium): Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request.
CVE-2024-39457 — CVSS 5.4 (medium): Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary…
CVE-2017-2092 — CVSS 5.4 (medium): Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or…
CVE-2024-31403 — CVSS 5.4 (medium): Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the…
CVE-2021-20767 — CVSS 5.4 (medium): Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an…
CVE-2017-2144 — CVSS 5.4 (medium): Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page.
CVE-2017-2145 — CVSS 5.4 (medium): Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified…
CVE-2021-20770 — CVSS 5.4 (medium): Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary…
CVE-2021-20774 — CVSS 5.4 (medium): Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote authenticated attacker to…
CVE-2017-2255 — CVSS 5.4 (medium): Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich…
CVE-2017-2256 — CVSS 5.4 (medium): Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich…
CVE-2019-5936 — CVSS 5.4 (medium): Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to obtain files without access…
CVE-2015-7775 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML…
CVE-2021-20753 — CVSS 5.4 (medium): Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an…
CVE-2019-5947 — CVSS 5.4 (medium): Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or…
CVE-2019-5937 — CVSS 5.4 (medium): Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or…
CVE-2026-22881 — CVSS 5.4 (medium): Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset…
CVE-2021-20769 — CVSS 5.4 (medium): Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an…
CVE-2022-26368 — CVSS 5.4 (medium): Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote…
CVE-2018-0549 — CVSS 5.4 (medium): Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.0 allows remote authenticated attackers to inject arbitrary web script or…
CVE-2018-0551 — CVSS 5.4 (medium): Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 allows remote authenticated attackers to inject arbitrary web script or…
CVE-2019-5975 — CVSS 5.4 (medium): DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 allows remote authenticated attackers to inject arbitrary web…
CVE-2016-1191 — CVSS 5.3 (medium): Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify…
CVE-2021-20764 — CVSS 5.3 (medium): Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to alter the data of…
CVE-2020-5563 — CVSS 5.3 (medium): Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in the affected product via…
CVE-2022-28713 — CVSS 5.3 (medium): Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of…
CVE-2013-6002 — CVSS 5.0 (medium): The server in Cybozu Garoon before 3.7 SP1 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
CVE-2024-31397 — CVSS 4.9 (medium): Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in…
CVE-2020-5562 — CVSS 4.9 (medium): Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege…
CVE-2019-5976 — CVSS 4.9 (medium): Cybozu Garoon 4.0.0 to 4.10.2 allows an attacker with administrative rights to cause a denial of service condition via unspecified vectors.
CVE-2014-0817 — CVSS 4.9 (medium): Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users to…
CVE-2020-5588 — CVSS 4.9 (medium): Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to obtain unintended information via…
CVE-2018-0533 — CVSS 4.9 (medium): Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of session…
CVE-2017-2254 — CVSS 4.9 (medium): Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted…
CVE-2017-2146 — CVSS 4.8 (medium): Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via…
CVE-2019-5932 — CVSS 4.8 (medium): Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows remote authenticated attackers to inject arbitrary web script or…
CVE-2020-5586 — CVSS 4.8 (medium): Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script…
CVE-2022-29513 — CVSS 4.8 (medium): Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an…
CVE-2020-5585 — CVSS 4.8 (medium): Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script…
CVE-2022-28718 — CVSS 4.3 (medium): Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the…
CVE-2008-6570 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the RSS reader in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary…
CVE-2011-1332 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or…
CVE-2011-1333 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Cybozu Office 6 and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject…
CVE-2011-1334 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise…
CVE-2013-0702 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 3.5.3 allows remote attackers to inject arbitrary web script or…
CVE-2013-6900 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.0 allows remote attackers to…
CVE-2013-6901 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0, when Firefox is used, allows remote attackers…
CVE-2013-6902 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary…
CVE-2013-6903 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in a schedule component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used…
CVE-2013-6904 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in a note component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used…
CVE-2013-6905 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in a phone component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used…
CVE-2013-6906 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon before 3.7.0, when Internet Explorer 6 through 8 is used…
CVE-2013-6907 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 2.x and 3.x before 3.7.0 allows remote attackers to inject…
CVE-2013-6908 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 3.x before 3.7.0 allows remote attackers to inject arbitrary…
CVE-2013-6909 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in a report component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary…
CVE-2013-6910 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Ajax components in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web…
CVE-2013-6916 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Yahoo! User Interface Library in Cybozu Garoon before 3.7.2, when Internet Explorer 9 or 10…
CVE-2015-7776 — CVSS 4.3 (medium): Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to…
CVE-2016-1192 — CVSS 4.3 (medium): Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read…
CVE-2016-1196 — CVSS 4.3 (medium): Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive…
CVE-2016-4908 — CVSS 4.3 (medium): Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private…
CVE-2016-4909 — CVSS 4.3 (medium): Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a…
CVE-2016-4910 — CVSS 4.3 (medium): Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators'…
CVE-2016-7801 — CVSS 4.3 (medium): Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors.
CVE-2017-2091 — CVSS 4.3 (medium): Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the…
CVE-2017-2093 — CVSS 4.3 (medium): Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors.
CVE-2017-2094 — CVSS 4.3 (medium): Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function…
CVE-2017-2095 — CVSS 4.3 (medium): Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an…
CVE-2017-2258 — CVSS 4.3 (medium): Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API…
CVE-2018-0531 — CVSS 4.3 (medium): Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to view or alter an access privilege of a…
CVE-2018-0548 — CVSS 4.3 (medium): Cybozu Garoon 4.0.0 to 4.6.0 allows remote authenticated attackers to bypass access restriction to view the closed title of "Space" via…
CVE-2018-0550 — CVSS 4.3 (medium): Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to bypass access restriction to view the closed title of "Cabinet" via…
CVE-2019-5930 — CVSS 4.3 (medium): Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to bypass access restriction to browse unauthorized pages via the application…
CVE-2019-5933 — CVSS 4.3 (medium): Cybozu Garoon 4.0.0 to 4.10.0 allows remote authenticated attackers to bypass access restriction to view the Bulletin Board without view…
CVE-2019-5935 — CVSS 4.3 (medium): Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to change user information without access…
CVE-2019-5941 — CVSS 4.3 (medium): Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the Report without access privileges…
CVE-2019-5942 — CVSS 4.3 (medium): Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges…
CVE-2019-5943 — CVSS 4.3 (medium): Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to view the information without view…
CVE-2019-5944 — CVSS 4.3 (medium): Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application…
CVE-2019-5977 — CVSS 4.3 (medium): Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 may allow a remote authenticated attackers to alter mail header via…
CVE-2020-5565 — CVSS 4.3 (medium): Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application's…
CVE-2020-5566 — CVSS 4.3 (medium): Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to alter the application's data…
CVE-2020-5582 — CVSS 4.3 (medium): Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to alter the data for the file attached to…
CVE-2021-20754 — CVSS 4.3 (medium): Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the…
CVE-2021-20755 — CVSS 4.3 (medium): Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the…
CVE-2021-20756 — CVSS 4.3 (medium): Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the…
CVE-2021-20757 — CVSS 4.3 (medium): Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the…
CVE-2021-20759 — CVSS 4.3 (medium): Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to alter…
CVE-2021-20760 — CVSS 4.3 (medium): Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the…
CVE-2021-20762 — CVSS 4.3 (medium): Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated to alter the data of E-mail…
CVE-2021-20763 — CVSS 4.3 (medium): Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain…
CVE-2021-20768 — CVSS 4.3 (medium): Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated…
CVE-2021-20772 — CVSS 4.3 (medium): Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the…
CVE-2021-20773 — CVSS 4.3 (medium): There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated attacker to delete the route…
CVE-2021-20775 — CVSS 4.3 (medium): Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the…
CVE-2022-26051 — CVSS 4.3 (medium): Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the…
CVE-2022-26054 — CVSS 4.3 (medium): Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data…
CVE-2022-27661 — CVSS 4.3 (medium): Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the…
CVE-2022-27803 — CVSS 4.3 (medium): Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data…
CVE-2022-27807 — CVSS 4.3 (medium): Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add…
CVE-2022-28692 — CVSS 4.3 (medium): Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the…
CVE-2022-29467 — CVSS 4.3 (medium): Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of…
CVE-2022-29471 — CVSS 4.3 (medium): Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin.
CVE-2022-30943 — CVSS 4.3 (medium): Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the…
CVE-2022-31472 — CVSS 4.3 (medium): Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the…
CVE-2023-27304 — CVSS 4.3 (medium): Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker…
CVE-2023-27384 — CVSS 4.3 (medium): Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data…
CVE-2024-31398 — CVSS 4.3 (medium): Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user…
CVE-2024-31402 — CVSS 4.3 (medium): Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared…
CVE-2024-31404 — CVSS 4.3 (medium): Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to…
CVE-2014-0820 — CVSS 4.0 (medium): Directory traversal vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote…
CVE-2014-1993 — CVSS 4.0 (medium): The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions…
CVE-2014-1992 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 allows…
CVE-2013-6912 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2, when Internet Explorer 6 through 9 is used…
CVE-2014-1988 — CVSS 3.5 (low): The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 allows remote authenticated users to cause a denial of service (resource…
CVE-2013-6915 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.2 allows remote authenticated…
CVE-2013-6003 — CVSS 3.5 (low): CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated…
CVE-2013-6913 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in a search component in Cybozu Garoon before 3.7.2, when Internet Explorer is used, allows remote…
CVE-2013-6911 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in the bulletin-board component in Cybozu Garoon before 3.7.2, when Internet Explorer or Firefox…
CVE-2013-6914 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject…
CVE-2014-1995 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote…
CVE-2014-1994 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated…
CVE-2018-0532 — CVSS 2.7 (low): Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard…
CVE-2021-20761 — CVSS 2.7 (low): Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege…