CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2016-4868
https://notcve.org/view.php?id=CVE-2016-4868
Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests. Una vulnerabilidad de la inyección de encabezado de correo electrónico en Cybozu Office versiones 9.0.0 hasta 10.4.0, permite a los atacantes remotos inyectar encabezados de correo electrónico arbitrarios para enviar correos electrónicos no previstos por medio de peticiones especialmente diseñadas. • http://jvn.jp/en/jp/JVN08736331/index.html http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000190.html http://www.securityfocus.com/bid/97713 https://support.cybozu.com/ja-jp/article/9433 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 16EXPL: 0CVE-2016-4871
https://notcve.org/view.php?id=CVE-2016-4871
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service. Cybozu Office 9.0.0 en versiones hasta 10.4.0 permite a atacantes remotos provocar una denegación de servicio. • http://jvn.jp/en/jp/JVN10092452/index.html http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000192.html http://www.securityfocus.com/bid/97716 https://support.cybozu.com/ja-jp/article/9426 • CWE-399: Resource Management Errors •
CVSS: 4.8EPSS: 0%CPEs: 16EXPL: 0CVE-2016-4865
https://notcve.org/view.php?id=CVE-2016-4865
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function. Una vulnerabilidad de tipo cross-site scripting en Cybozu Office versiones 9.0.0 hasta 10.4.0, permite a los atacantes con derechos de administrador inyectar script web o HTML arbitrario por medio de la función Customapp. • http://jvn.jp/en/jp/JVN06726266/index.html http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000184.html http://www.securityfocus.com/bid/93281 https://support.cybozu.com/ja-jp/article/9430 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 16EXPL: 0CVE-2016-4866
https://notcve.org/view.php?id=CVE-2016-4866
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function. Una vulnerabilidad de tipo cross-site scripting en Cybozu Office versiones 9.0.0 hasta 10.4.0, permite a los atacantes con derechos de administrador inyectar script web o HTML arbitrario por medio de la función Project. • http://jvn.jp/en/jp/JVN06726266/index.html http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000185.html http://www.securityfocus.com/bid/93281 https://support.cybozu.com/ja-jp/article/9431 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 0CVE-2015-7795
https://notcve.org/view.php?id=CVE-2015-7795
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150. Vulnerabilidad de XSS en Cybozu Office 9.0.0 hasta la versión 10.3.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149 y CVE-2016-1150. • http://jvn.jp/en/jp/JVN69278491/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026 https://cs.cybozu.co.jp/2015/006072.html https://cs.cybozu.co.jp/2015/006087.html https://cs.cybozu.co.jp/2016/006107.html https://cs.cybozu.co.jp/2016/006109.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •