Garoon@4.2.5 Security Vulnerabilities and Issues — Garoon@4.2.5 CVE List

Lucene search

CybozuGaroon4.2.5

5 matches found

CVE•added 2017/08/29 1:35 a.m.•48 views

CVE-2017-2257

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function.

6.1CVSS6AI score0.00265EPSS

CVE•added 2017/08/29 1:35 a.m.•42 views

CVE-2017-2254

Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input

4.9CVSS5.2AI score0.00371EPSS

CVE•added 2017/08/29 1:35 a.m.•42 views

CVE-2017-2256

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Memo".

5.4CVSS5.7AI score0.00253EPSS

CVE•added 2017/08/29 1:35 a.m.•41 views

CVE-2017-2255

Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Space".

5.4CVSS5.4AI score0.00253EPSS

CVE•added 2017/08/29 1:35 a.m.•39 views

CVE-2017-2258

Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications".

4.3CVSS4.8AI score0.0128EPSS