CVE-2013-6906
https://notcve.org/view.php?id=CVE-2013-6906
Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon before 3.7.0, when Internet Explorer 6 through 8 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en un componente de correo en Cybozu Garoon anteriores a 3.7.0, cuando Internet Explorer 6 a 8 es utilizado, permite a atacnates remotos inyectar scripts web o HTML arbitrarios a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php http://jvn.jp/en/jp/JVN23981867/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113 http://osvdb.org/100574 https://support.cybozu.com/ja-jp/article/6174 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-6905
https://notcve.org/view.php?id=CVE-2013-6905
Cross-site scripting (XSS) vulnerability in a phone component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en un componente de teléfono en Cybozu Garoon anteriores a 3.7.0, cuando Internet Explorer o Firefox son utilizados, permite a atacantes remotos inyectar scripts web o HTML arbitrarios a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php http://jvn.jp/en/jp/JVN23981867/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113 http://osvdb.org/100573 https://support.cybozu.com/ja-jp/article/6195 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-6001
https://notcve.org/view.php?id=CVE-2013-6001
SQL injection vulnerability in the Space function in Cybozu Garoon before 3.7 SP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la función Space en Cybozu Garoon anteriores a 3.7 SP1 permite a atacantes autenticados remotamente ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php http://jvn.jp/en/jp/JVN82375148/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000114 http://products.cybozu.co.jp/garoon/download/update/gr3/fix371sp1.html https://support.cybozu.com/ja-jp/article/6955 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2013-6901
https://notcve.org/view.php?id=CVE-2013-6901
Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en la función Space en Cybozu Garoon anteriores a 3.7.0, cuando se utiliza Firefox, permite a atacantes rmotos inyectar scripts web o HTML arbitrarios a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php http://jvn.jp/en/jp/JVN23981867/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113 http://osvdb.org/100555 https://support.cybozu.com/ja-jp/article/6193 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-6908
https://notcve.org/view.php?id=CVE-2013-6908
Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en un componente de correo en Cybozu Garoon 3.x anteriores a 3.7.0 permite a atacantes remotos inyectar scripts web o HTML arbitrarios a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php http://jvn.jp/en/jp/JVN23981867/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113 https://support.cybozu.com/ja-jp/article/5870 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •