CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20800
https://notcve.org/view.php?id=CVE-2021-20800
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Una vulnerabilidad de tipo cross-site scripting en la pantalla de administración de Cybozu Remote Service versión 3.1.8, permite a un atacante remoto autenticado inyectar un script arbitrario por medio de vectores no especificados • https://jvn.jp/en/jp/JVN52694228/index.html https://kb.cybozu.support/article/37420 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20799
https://notcve.org/view.php?id=CVE-2021-20799
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Una vulnerabilidad de tipo cross-site scripting en la pantalla de administración de Cybozu Remote Service versiones 3.1.8 hasta 3.1.9, permite a un atacante remoto autenticado inyectar un script arbitrario por vectores no especificados • https://jvn.jp/en/jp/JVN52694228/index.html https://kb.cybozu.support/article/37425 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20798
https://notcve.org/view.php?id=CVE-2021-20798
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Una vulnerabilidad de tipo cross-site scripting en la pantalla de administración de Cybozu Remote Service versiones 3.1.8 hasta 3.1.9, permite a un atacante remoto autenticado inyectar un script arbitrario por vectores no especificados • https://jvn.jp/en/jp/JVN52694228/index.html https://kb.cybozu.support/article/37424 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20797
https://notcve.org/view.php?id=CVE-2021-20797
Cross-site script inclusion vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to obtain the information stored in the product. This issue occurs only when using Mozilla Firefox. Una vulnerabilidad de inclusión de Cross-site script en la pantalla de administración de Cybozu Remote Service versión 3.1.8, permite a un atacante remoto autenticado conseguir la información almacenada en el producto. Este problema sólo se produce cuando es usado Mozilla Firefox • https://jvn.jp/en/jp/JVN52694228/index.html https://kb.cybozu.support/article/37429 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20796
https://notcve.org/view.php?id=CVE-2021-20796
Directory traversal vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to upload an arbitrary file via unspecified vectors. Una vulnerabilidad de salto de directorio en la pantalla de administración de Cybozu Remote Service versión 3.1.8, permite a un atacante remoto autenticado cargar un archivo arbitrario por medio de vectores no especificados • https://jvn.jp/en/jp/JVN52694228/index.html https://kb.cybozu.support/article/37427 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •