Garoon@4.10.1 Security Vulnerabilities and Issues — Garoon@4.10.1 CVE List

Lucene search

CybozuGaroon4.10.1

13 matches found

CVE•added 2019/05/17 4:29 p.m.•48 views

CVE-2019-5937

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the user information.

5.4CVSS5AI score0.00195EPSS

CVE•added 2019/05/17 4:29 p.m.•47 views

CVE-2019-5943

Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to view the information without view privileges via the application 'Bulletin' and the application 'Cabinet'.

4.3CVSS4.5AI score0.00153EPSS

CVE•added 2019/05/17 4:29 p.m.•47 views

CVE-2019-5946

Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the Login Screen.

6.1CVSS5.9AI score0.00215EPSS

CVE•added 2019/05/17 4:29 p.m.•42 views

CVE-2019-5942

Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application 'Cabinet'.

4.3CVSS4.7AI score0.00153EPSS

CVE•added 2019/05/17 4:29 p.m.•42 views

CVE-2019-5945

Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the users' credential information via the authentication of Cybozu Garoon.

9.8CVSS7.1AI score0.00844EPSS

CVE•added 2019/05/17 4:29 p.m.•41 views

CVE-2019-5935

Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to change user information without access privileges via the Item function of User Information.

4.3CVSS4.6AI score0.00179EPSS

CVE•added 2019/05/17 4:29 p.m.•39 views

CVE-2019-5936

Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to obtain files without access privileges via the application 'Work Flow'.

5.5CVSS5AI score0.00088EPSS

CVE•added 2019/05/17 4:29 p.m.•39 views

CVE-2019-5939

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Portal'.

6.1CVSS5.5AI score0.0026EPSS

CVE•added 2019/05/17 4:29 p.m.•38 views

CVE-2019-5944

Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application 'Address' without modify privileges via the application 'Address'.

4.3CVSS4.6AI score0.00179EPSS

CVE•added 2019/05/17 4:29 p.m.•37 views

CVE-2019-5938

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Mail'.

6.1CVSS5.5AI score0.0026EPSS

CVE•added 2019/05/17 4:29 p.m.•37 views

CVE-2019-5941

Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the Report without access privileges via the application 'Multi Report'.

4.3CVSS4.6AI score0.00179EPSS

CVE•added 2019/05/17 4:29 p.m.•37 views

CVE-2019-5947

Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Cabinet'.

5.4CVSS4.8AI score0.00195EPSS

CVE•added 2019/05/17 4:29 p.m.•34 views

CVE-2019-5940

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Scheduler'.

6.1CVSS5.5AI score0.0026EPSS