9 results (0.010 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delete arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en Cybozu Mailwise, desde la versión 5.0.0 hasta la 5.4.5, que permite que un atacante remoto elimine archivos arbitrarios mediante vectores sin especificar. • https://jvn.jp/en/jp/JVN83739174/index.html https://kb.cybozu.support/article/34135 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'Address' via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) en Cybozu Mailwise, de la versión 5.0.0 a la 5.4.1, permite que atacantes remotos autenticados inyecte scripts web o HTML arbitrarios en "Address" mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN52319657/index.html https://support.cybozu.com/ja-jp/article/10196 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'System settings' via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) reflejado en Cybozu Mailwise, de la versión 5.0.0 a la 5.4.1, permite que atacantes remotos autenticados inyecte scripts web o HTML arbitrarios en "System settings" mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN52319657/index.html https://support.cybozu.com/ja-jp/article/10193 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'E-mail Details Screen' via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) persistente en Cybozu Mailwise, de la versión 5.0.0 a la 5.4.1, permite que atacantes remotos autenticados inyecte scripts web o HTML "E-mail Details Screen" arbitrarios mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN52319657/index.html https://support.cybozu.com/ja-jp/article/10194 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0

Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers. Cybozu Mailwise en versiones anteriores a 5.4.0 permite a atacantes inyectar las cabeceras de email arbitrarios. • http://jvn.jp/en/jp/JVN01353821/index.html http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000135.html http://www.securityfocus.com/bid/92459 https://support.cybozu.com/ja-jp/article/9607 • CWE-20: Improper Input Validation •