Garoon Security Vulnerabilities - CVSS Score 9 - 10

CVE-2016-1219

Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use.

CVE-2019-5945

Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the users' credential information via the authentication of Cybozu Garoon.

CVE-2024-31401

Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product.