CVE-2013-6909
https://notcve.org/view.php?id=CVE-2013-6909
Cross-site scripting (XSS) vulnerability in a report component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el componente report de Cybozu Garoon anterior a la versión 3.7.0 permite a atacantes remotos inyectar script web o HTML arbitrario a través de vectores sin especificar. • http://cs.cybozu.co.jp/information/20131202up01.php http://jvn.jp/en/jp/JVN23981867/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113 https://support.cybozu.com/ja-jp/article/6384 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-6003
https://notcve.org/view.php?id=CVE-2013-6003
CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors. Vulnerabilidad de inyección CRLF en Cybozu Garoon 3.1 a 3.5 SP5, cuando se activa el reenvío de Phone Messages, permite a atacantes autenticados remotamente inyectar cabeceras de email arbitrarias a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php http://jvn.jp/en/jp/JVN84221103/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000116 https://support.cybozu.com/ja-jp/article/6121 • CWE-20: Improper Input Validation •
CVE-2013-6911
https://notcve.org/view.php?id=CVE-2013-6911
Cross-site scripting (XSS) vulnerability in the bulletin-board component in Cybozu Garoon before 3.7.2, when Internet Explorer or Firefox is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en el componente de tablón de anuncios de Cybozu Garoon anteriores a 3.7.2, cuando Internet Explorer o Firefox son utilizados, permite a usuarios autenticados inyectar scripts web o HTML arbitrarios a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php http://jvn.jp/en/jp/JVN23981867/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113 http://osvdb.org/100561 https://support.cybozu.com/ja-jp/article/7158 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-6912
https://notcve.org/view.php?id=CVE-2013-6912
Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2, when Internet Explorer 6 through 9 is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en un componente de calendario en Cybozu Garoon anteriores a 3.7.2, cuando Internet Explorer 6 a 9 son utilizados, permite a usuarios autenticados remotamente inyectar scripts web o HTML arbitrarios a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php http://jvn.jp/en/jp/JVN23981867/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113 http://osvdb.org/100560 https://support.cybozu.com/ja-jp/article/6927 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-6913
https://notcve.org/view.php?id=CVE-2013-6913
Cross-site scripting (XSS) vulnerability in a search component in Cybozu Garoon before 3.7.2, when Internet Explorer is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en un componente de búsqueda de Cybozu Garoon anteriores a 3.7.2, cuando Internet Explorer es utilizado, permite a ususario autenticados remotamente inyectar scripts web o HTML arbitrarios a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php http://jvn.jp/en/jp/JVN23981867/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113 http://osvdb.org/100559 https://support.cybozu.com/ja-jp/article/6928 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •