135 matches found
CVE-2021-20875
Open redirect vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks by having a user to...
Open redirect
Open redirect vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks by having a user to...
Path traversal
Path traversal vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows an attacker with an administrative privilege to obtain sensitive information stored in the hierarchy above the directory on...
CVE-2021-20876
CVE-2021-20876 is a path traversal flaw in GroupSession products (Free edition v5.1.1 and earlier, byCloud v5.1.1 and earlier, ZION v5.1.1 and earlier) that could allow an administrator to access sensitive files outside the web root on the published site via unspecified vectors. The issue affects...
CVE-2021-20876
Path traversal vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows an attacker with an administrative privilege to obtain sensitive information stored in the hierarchy above the directory on...
CVE-2021-20875
CVE-2021-20875 is an open redirect vulnerability in GroupSession products (Free edition v5.1.1 and earlier, byCloud v5.1.1 and earlier, ZION v5.1.1 and earlier). The root cause is input validation that allows a specially crafted URL to redirect users to arbitrary sites, enabling phishing when use...
CVE-2021-20875
Open redirect vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks by having a user to...
CVE-2021-20874
CVE-2021-20874 involves incorrect permission assignment in GroupSession components (Free edition v5.1.1 and earlier, byCloud v5.1.1 and earlier, ZION v5.1.1 and earlier). The root cause is CWE-732 (Incorrect Permission Assignment for Critical Resource), enabling a remote unauthenticated attacker ...
CVE-2021-20874
Incorrect permission assignment for critical resource vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows a remote unauthenticated attacker to access arbitrary files on the server and obtain...
Multiple vulnerabilities in GroupSession
Overview GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 - CVE-2021-20874 Open redirect CWE-601 - CVE-2021-20875 Path Traversal CWE-22 - CVE-2021-20876 CVE-2021-20874 TAKUMA SHIGA...
Japan Total System GroupSession 输入验证错误漏洞
Japan Total System GroupSession is a groupware project from Japan Total System to facilitate communication in businesses and organizations, designed to promote information sharing. A security vulnerability exists in GroupSession, which can be exploited by an attacker to access arbitrary files on...
Japan Total System GroupSession 路径遍历漏洞
Japan Total System GroupSession is a groupware project from Japan Total System, Inc. that facilitates business and organizational communication and is designed to promote information sharing. A path traversal vulnerability exists in GroupSession, which arises when a network system or product fail...
JVN#79798166: Multiple vulnerabilities in GroupSession
GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 - CVE-2021-20874 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N| Base Score: 7.5 CVSS v2|...
CVE-2021-20786
Cross-site request forgery CSRF vulnerability in GroupSession GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0 allows a remote attacke...
CVE-2021-20785
Cross-site scripting vulnerability in GroupSession GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0 allows a remote attacker to inject...
CVE-2021-20788
Server-side request forgery SSRF vulnerability in GroupSession GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0 allows a remote...
CVE-2021-20787
Cross-site scripting vulnerability in GroupSession GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0 allows a remote attacker to inject...
CVE-2021-20786
Cross-site request forgery CSRF vulnerability in GroupSession GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0 allows a remote attacke...
CVE-2021-20789
Open redirect vulnerability in GroupSession GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0 allows a remote attacker to redirect a us...
Cross site scripting
Cross-site scripting vulnerability in GroupSession GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0 allows a remote attacker to inject...