Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use.
9.8CVSS
9.4AI Score
0.005EPSS
Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the users' credential information via the authentication of Cybozu Garoon.
9.8CVSS
7.1AI Score
0.013EPSS
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product.
9CVSS
6.4AI Score
0.0004EPSS