Total
190 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-6911 | 3 Cybozu, Microsoft, Mozilla | 3 Garoon, Internet Explorer, Firefox | 2025-04-11 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the bulletin-board component in Cybozu Garoon before 3.7.2, when Internet Explorer or Firefox is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-6907 | 1 Cybozu | 1 Garoon | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 2.x and 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-0701 | 1 Cybozu | 1 Garoon | 2025-04-11 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in Cybozu Garoon 2.5.0 through 3.5.3 allows remote authenticated users to execute arbitrary SQL commands by leveraging a logging privilege. | |||||
| CVE-2013-6003 | 1 Cybozu | 1 Garoon | 2025-04-11 | 3.5 LOW | N/A |
| CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors. | |||||
| CVE-2013-6913 | 2 Cybozu, Microsoft | 2 Garoon, Internet Explorer | 2025-04-11 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in a search component in Cybozu Garoon before 3.7.2, when Internet Explorer is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-6570 | 1 Cybozu | 1 Garoon | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the RSS reader in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via a crafted RSS feed. | |||||
| CVE-2008-6569 | 1 Cybozu | 1 Garoon | 2025-04-09 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack web sessions via the session ID in the login page. | |||||
| CVE-2006-4444 | 1 Cybozu | 1 Garoon | 2025-04-03 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Windows allow remote authenticated users to execute arbitrary SQL commands via the (1) tid parameter in the (a) todo/view (aka TODO List View), (b) todo/modify (aka TODO List Modify), or (c) todo/delete functionality; the (2) pid parameter in the (d) workflow/view or (e) workflow/print functionality; the (3) uid parameter in the (f) schedule/user_view, (g) phonemessage/add, (h) phonemessage/history, or (i) schedule/view functionality; the (4) cid parameter in (j) todo/index; the (5) iid parameter in the (k) memo/view or (l) memo/print functionality; or the (6) event parameter in the (m) schedule/view functionality. | |||||
| CVE-2024-31402 | 1 Cybozu | 1 Garoon | 2025-03-28 | N/A | 4.3 MEDIUM |
| Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos. | |||||
| CVE-2024-31399 | 1 Cybozu | 1 Garoon | 2025-03-20 | N/A | 6.5 MEDIUM |
| Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition. | |||||
| CVE-2024-39457 | 1 Cybozu | 1 Garoon | 2025-03-19 | N/A | 5.4 MEDIUM |
| Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user’s web browser. | |||||
| CVE-2024-31398 | 1 Cybozu | 1 Garoon | 2025-03-13 | N/A | 4.3 MEDIUM |
| Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users. | |||||
| CVE-2023-26595 | 1 Cybozu | 1 Garoon | 2025-01-28 | N/A | 6.5 MEDIUM |
| Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition. | |||||
| CVE-2023-27384 | 1 Cybozu | 1 Garoon | 2025-01-17 | N/A | 4.3 MEDIUM |
| Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport. | |||||
| CVE-2023-27304 | 1 Cybozu | 1 Garoon | 2025-01-17 | N/A | 4.3 MEDIUM |
| Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin. | |||||
| CVE-2022-31472 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet. | |||||
| CVE-2022-30943 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin. | |||||
| CVE-2022-30602 | 1 Cybozu | 1 Garoon | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files. | |||||
| CVE-2022-29892 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS). | |||||
| CVE-2022-29513 | 1 Cybozu | 1 Garoon | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script. | |||||