CVSS: 6.8EPSS: 0%CPEs: 31EXPL: 0CVE-2013-6004
https://notcve.org/view.php?id=CVE-2013-6004
Session fixation vulnerability in Cybozu Garoon before 3.7.2 allows remote attackers to hijack web sessions via unspecified vectors. Vulnerabilidad de fijación de sesión en Cygozu Garoon anteriores a 3.7.2 permite a atacantes remotos secuestrar sesiones web a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php http://jvn.jp/en/jp/JVN87729477/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000117 https://support.cybozu.com/ja-jp/article/6929 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.5EPSS: 0%CPEs: 10EXPL: 0CVE-2013-6003
https://notcve.org/view.php?id=CVE-2013-6003
CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors. Vulnerabilidad de inyección CRLF en Cybozu Garoon 3.1 a 3.5 SP5, cuando se activa el reenvío de Phone Messages, permite a atacantes autenticados remotamente inyectar cabeceras de email arbitrarias a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php http://jvn.jp/en/jp/JVN84221103/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000116 https://support.cybozu.com/ja-jp/article/6121 • CWE-20: Improper Input Validation •
CVSS: 3.5EPSS: 0%CPEs: 64EXPL: 0CVE-2013-6911
https://notcve.org/view.php?id=CVE-2013-6911
Cross-site scripting (XSS) vulnerability in the bulletin-board component in Cybozu Garoon before 3.7.2, when Internet Explorer or Firefox is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en el componente de tablón de anuncios de Cybozu Garoon anteriores a 3.7.2, cuando Internet Explorer o Firefox son utilizados, permite a usuarios autenticados inyectar scripts web o HTML arbitrarios a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php http://jvn.jp/en/jp/JVN23981867/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113 http://osvdb.org/100561 https://support.cybozu.com/ja-jp/article/7158 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 60EXPL: 0CVE-2013-6904
https://notcve.org/view.php?id=CVE-2013-6904
Cross-site scripting (XSS) vulnerability in a note component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en un componente de notas en Cybozu Garoon anteriores a 3.7.0, cuando Internet Explorer o Firefox son utilizados, permite a atacantes remotos inyectar scripts web o HTML arbitrarios a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php http://jvn.jp/en/jp/JVN23981867/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113 http://osvdb.org/100572 https://support.cybozu.com/ja-jp/article/6395 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 1%CPEs: 30EXPL: 0CVE-2013-6002
https://notcve.org/view.php?id=CVE-2013-6002
The server in Cybozu Garoon before 3.7 SP1 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. El servidor en Cybozu Garoon anteriores a 3.7 SP1 permite a atacantes remotos causar denegación de servicio (consumo de CPU) a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php http://jvn.jp/en/jp/JVN94245330/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000115 http://products.cybozu.co.jp/garoon/download/update/gr3/fix371sp1.html https://support.cybozu.com/ja-jp/article/6571 • CWE-399: Resource Management Errors •