Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
CVSS 7.4 | AI Score 7.3 | EPSS 0.003
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776.
CVSS 4.3 | AI Score 4.5 | EPSS 0.006
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7775.
CVSS 6.1 | AI Score 5.7 | EPSS 0.002
The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites.
CVSS 6.1 | AI Score 6.8 | EPSS 0.002
Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2.
CVSS 6.1 | AI Score 6.4 | EPSS 0.002
Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2.
CVSS 6.1 | AI Score 6.4 | EPSS 0.002
Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2.
CVSS 6.1 | AI Score 6.4 | EPSS 0.002
Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2.
CVSS 6.1 | AI Score 6.4 | EPSS 0.002
CVSS 8.8 | AI Score 9.4 | EPSS 0.003
Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use.
CVSS 9.8 | AI Score 9.4 | EPSS 0.005
CVSS 4.3 | AI Score 5.6 | EPSS 0.001
Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers.
CVSS 4.3 | AI Score 5 | EPSS 0.002
Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read.
CVSS 4.3 | AI Score 4.7 | EPSS 0.002
Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information.
CVSS 6.5 | AI Score 6.4 | EPSS 0.002
Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks.
CVSS 4.3 | AI Score 4.9 | EPSS 0.002
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function.
CVSS 4.8 | AI Score 5 | EPSS 0.001
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function.
CVSS 4.8 | AI Score 5 | EPSS 0.001
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function.
CVSS 4.3 | AI Score 4.2 | EPSS 0.001
Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests.
CVSS 4.3 | AI Score 4.8 | EPSS 0.002
Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to obtain session information via a page where CGI environment variables are displayed.
CVSS 6.5 | AI Score 6.2 | EPSS 0.002
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function.
CVSS 5.4 | AI Score 5.1 | EPSS 0.001
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service.
CVSS 6.5 | AI Score 6.4 | EPSS 0.003
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail.
CVSS 4.3 | AI Score 4.2 | EPSS 0.001
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function.
CVSS 4.3 | AI Score 4.7 | EPSS 0.002
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack.
CVSS 3.5 | AI Score 4.2 | EPSS 0.001
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via the "Messages" function of Cybozu Garoon Keitai.
CVSS 6.1 | AI Score 6.3 | EPSS 0.001
Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to obtain CSRF tokens via unspecified vectors.
CVSS 8.8 | AI Score 8.5 | EPSS 0.002
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors.
CVSS 4.3 | AI Score 4.6 | EPSS 0.002
Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors.
CVSS 4.3 | AI Score 5.2 | EPSS 0.001
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors.
CVSS 4.3 | AI Score 4.5 | EPSS 0.001
Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors.
CVSS 4.3 | AI Score 5 | EPSS 0.001
Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
CVSS 6.5 | AI Score 6.3 | EPSS 0.001
SQL injection vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via the "MultiReport" function.
CVSS 8.8 | AI Score 8.8 | EPSS 0.001
Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network.
CVSS 4.2 | AI Score 4.8 | EPSS 0.001
The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVSS 5.9 | AI Score 5.2 | EPSS 0.001
Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors.
CVSS 5.3 | AI Score 5.9 | EPSS 0.002
Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors.
CVSS 7.5 | AI Score 7.5 | EPSS 0.002
Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via the "Cabinet" function.
CVSS 4.3 | AI Score 4.7 | EPSS 0.001
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
CVSS 6.5 | AI Score 6 | EPSS 0.001
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.
CVSS 4.3 | AI Score 4.6 | EPSS 0.001
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 5.4 | AI Score 5.1 | EPSS 0.001
Cybozu Garoon 3.0.0 to 4.2.3 allows remote attackers to obtain tokens used for CSRF protection via unspecified vectors.
CVSS 4.3 | AI Score 5 | EPSS 0.001
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors.
CVSS 4.3 | AI Score 4.6 | EPSS 0.001
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors.
CVSS 4.3 | AI Score 4.6 | EPSS 0.001
Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allows remote attackers to obtain log information through a malicious Android application.
CVSS 2.5 | AI Score 3.9 | EPSS 0.002
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 5.4 | AI Score 5.4 | EPSS 0.001
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors.
CVSS 4.3 | AI Score 4.8 | EPSS 0.001
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors.
CVSS 4.3 | AI Score 5 | EPSS 0.001
Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page.
CVSS 5.4 | AI Score 5.3 | EPSS 0.001
Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors.
CVSS 5.4 | AI Score 5.5 | EPSS 0.001