CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5944
https://notcve.org/view.php?id=CVE-2019-5944
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application 'Address' without modify privileges via the application 'Address'. Cybozu Garoon 4.0.0 a 4.10.1 permite a los atacantes autenticados remotos omitir el Access Restriction, alterar el contenido de la aplicación 'Address¨sin modificar los privilegios por medio de la aplicación 'Address'. • http://jvn.jp/en/jp/JVN58849431/index.html https://kb.cybozu.support/article/35487 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5939
https://notcve.org/view.php?id=CVE-2019-5939
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Portal'. La vulnerabilidad del tipo Cross-site scripting en Cybozu Garoon 4.0.0 a 4.10.1 permite a los atacantes remotos inyectar scripts web o HTML a través de la aplicación 'Portal'. • http://jvn.jp/en/jp/JVN58849431/index.html https://kb.cybozu.support/article/35495 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5940
https://notcve.org/view.php?id=CVE-2019-5940
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Scheduler'. La vulnerabilidad del tipo Cross-site scripting en Cybozu Garoon 4.0.0 a 4.10.1 permite a los atacantes remotos inyectar un script web o HTML arbitrario a través de la aplicación 'Scheduler'. • http://jvn.jp/en/jp/JVN58849431/index.html https://kb.cybozu.support/article/35490 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5933
https://notcve.org/view.php?id=CVE-2019-5933
Cybozu Garoon 4.0.0 to 4.10.0 allows remote authenticated attackers to bypass access restriction to view the Bulletin Board without view privileges via the application 'Bulletin'. Cybozu Garoon 4.0.0 a 4.10.0 permite a los atacantes remotos autenticados eludir Access Restriction para ver el Bulletin Board sin privilegios de visualización por medio de la aplicación 'Bulletin'. • http://jvn.jp/en/jp/JVN58849431/index.html https://kb.cybozu.support/article/35307 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5928
https://notcve.org/view.php?id=CVE-2019-5928
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function. La vulnerabilidad del tipo Cross-Site Scripting en Cybozu Garoon 4.0.0 a 4.6.3 permite a los atacantes remotos inyectar secuencias de comandos web o HTML a través de la función Customize Item. • http://jvn.jp/en/jp/JVN58849431/index.html https://jvn.jp/en/jp/JVN58849431 https://kb.cybozu.support/article/34279 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •