Total
198 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-20711 | 1 Cybozu | 1 Garoon | 2026-02-19 | N/A | 6.1 MEDIUM |
|
Cross-site scripting vulnerability exists in E-mail function of Cybozu Garoon 5.0.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.
|
|||||
| CVE-2026-22881 | 1 Cybozu | 1 Garoon | 2026-02-19 | N/A | 5.4 MEDIUM |
|
Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.
|
|||||
| CVE-2026-22888 | 1 Cybozu | 1 Garoon | 2026-02-19 | N/A | 7.5 HIGH |
|
Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product.
|
|||||
| CVE-2024-31397 | 1 Cybozu | 1 Garoon | 2026-02-13 | N/A | 4.9 MEDIUM |
|
Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product with the administrative privilege may be able to cause a denial-of-service (DoS) condition.
|
|||||
| CVE-2024-31400 | 1 Cybozu | 1 Garoon | 2025-08-05 | N/A | 6.5 MEDIUM |
|
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail.
|
|||||
| CVE-2024-31401 | 1 Cybozu | 1 Garoon | 2025-08-05 | N/A | 9.0 CRITICAL |
|
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product.
|
|||||
| CVE-2024-31403 | 1 Cybozu | 1 Garoon | 2025-05-28 | N/A | 5.4 MEDIUM |
|
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo.
|
|||||
| CVE-2024-31404 | 1 Cybozu | 1 Garoon | 2025-05-28 | N/A | 4.3 MEDIUM |
|
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler.
|
|||||
| CVE-2017-2145 | 1 Cybozu | 1 Garoon | 2025-04-20 | 5.8 MEDIUM | 5.4 MEDIUM |
|
Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors.
|
|||||
| CVE-2016-7803 | 1 Cybozu | 1 Garoon | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function.
|
|||||
| CVE-2016-1216 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2.
|
|||||
| CVE-2017-2093 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors.
|
|||||
| CVE-2017-2258 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications".
|
|||||
| CVE-2016-1219 | 1 Cybozu | 1 Garoon | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use.
|
|||||
| CVE-2016-1214 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2.
|
|||||
| CVE-2016-1218 | 1 Cybozu | 1 Garoon | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability in Cybozu Garoon before 4.2.2.
|
|||||
| CVE-2017-2091 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.
|
|||||
| CVE-2016-4906 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai.
|
|||||
| CVE-2017-2094 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors.
|
|||||
| CVE-2017-2092 | 1 Cybozu | 1 Garoon | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2017-2146 | 1 Cybozu | 1 Garoon | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
|
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu.
|
|||||
| CVE-2016-7801 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors.
|
|||||
| CVE-2017-2095 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors.
|
|||||
| CVE-2016-1215 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2.
|
|||||
| CVE-2016-1217 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2.
|
|||||
| CVE-2017-2254 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
|
Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input
|
|||||
| CVE-2016-4910 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors.
|
|||||
| CVE-2016-4909 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors.
|
|||||
| CVE-2016-1194 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service.
|
|||||
| CVE-2017-2144 | 1 Cybozu | 1 Garoon | 2025-04-20 | 5.8 MEDIUM | 5.4 MEDIUM |
|
Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page.
|
|||||
| CVE-2016-1213 | 1 Cybozu | 1 Garoon | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
|
The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites.
|
|||||
| CVE-2016-7802 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
|
|||||
| CVE-2017-2256 | 1 Cybozu | 1 Garoon | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Memo".
|
|||||
| CVE-2016-4907 | 1 Cybozu | 1 Garoon | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.
|
|||||
| CVE-2016-4908 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors.
|
|||||
| CVE-2016-1220 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Cybozu Garoon before 4.2.2 does not properly restrict access.
|
|||||
| CVE-2017-2255 | 1 Cybozu | 1 Garoon | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Space".
|
|||||
| CVE-2017-2257 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function.
|
|||||
| CVE-2016-1193 | 1 Cybozu | 1 Garoon | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors.
|
|||||
| CVE-2015-5646 | 1 Cybozu | 1 Garoon | 2025-04-12 | 8.5 HIGH | N/A |
|
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867.
|
|||||