Garoon Security Vulnerabilities and Issues — Garoon CVE List

Lucene search

CybozuGaroon

11 matches found

CVE•added 2013/12/05 12:55 p.m.•48 views

CVE-2013-6912

Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2, when Internet Explorer 6 through 9 is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5CVSS5.3AI score0.00232EPSS

CVE•added 2014/05/02 10:55 a.m.•45 views

CVE-2014-1988

The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 allows remote authenticated users to cause a denial of service (resource consumption) via unspecified vectors.

3.5CVSS6.3AI score0.00426EPSS

CVE•added 2014/07/20 11:12 a.m.•45 views

CVE-2014-1995

Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5CVSS5.4AI score0.00209EPSS

CVE•added 2014/07/20 11:12 a.m.•43 views

CVE-2014-1994

Cross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5CVSS5.3AI score0.00209EPSS

CVE•added 2013/12/05 12:55 p.m.•42 views

CVE-2013-6914

Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5CVSS5.3AI score0.00201EPSS

CVE•added 2014/07/20 11:12 a.m.•41 views

CVE-2014-1992

Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5CVSS5.3AI score0.00209EPSS

CVE•added 2013/12/05 12:55 p.m.•38 views

CVE-2013-6911

Cross-site scripting (XSS) vulnerability in the bulletin-board component in Cybozu Garoon before 3.7.2, when Internet Explorer or Firefox is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5CVSS5.3AI score0.00232EPSS

CVE•added 2021/08/18 6:15 a.m.•35 views

CVE-2021-20761

Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege.

3.5CVSS4.3AI score0.00147EPSS

CVE•added 2013/12/05 12:55 p.m.•34 views

CVE-2013-6003

CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors.

3.5CVSS6.6AI score0.00218EPSS

CVE•added 2013/12/05 12:55 p.m.•33 views

CVE-2013-6913

Cross-site scripting (XSS) vulnerability in a search component in Cybozu Garoon before 3.7.2, when Internet Explorer is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5CVSS5.3AI score0.00232EPSS

CVE•added 2013/12/05 12:55 p.m.•31 views

CVE-2013-6915

Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5CVSS5.3AI score0.00201EPSS