CVSS: 4.3EPSS: 0%CPEs: 65EXPL: 0CVE-2013-6916
https://notcve.org/view.php?id=CVE-2013-6916
Cross-site scripting (XSS) vulnerability in the Yahoo! User Interface Library in Cybozu Garoon before 3.7.2, when Internet Explorer 9 or 10 or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en la Yahoo! User Interface Library en Cybozu Garoon anteriores a 3.7.2, cuando Internet Explorer 9 o 10, o Chrome son utilizados, permite a atacantes remotos inyectar scripts web o HTML arbitrarios a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php http://jvn.jp/en/jp/JVN23981867/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113 http://osvdb.org/100554 https://support.cybozu.com/ja-jp/article/7157 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 30EXPL: 0CVE-2013-6001
https://notcve.org/view.php?id=CVE-2013-6001
SQL injection vulnerability in the Space function in Cybozu Garoon before 3.7 SP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la función Space en Cybozu Garoon anteriores a 3.7 SP1 permite a atacantes autenticados remotamente ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php http://jvn.jp/en/jp/JVN82375148/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000114 http://products.cybozu.co.jp/garoon/download/update/gr3/fix371sp1.html https://support.cybozu.com/ja-jp/article/6955 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.0EPSS: 1%CPEs: 30EXPL: 0CVE-2013-6002
https://notcve.org/view.php?id=CVE-2013-6002
The server in Cybozu Garoon before 3.7 SP1 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. El servidor en Cybozu Garoon anteriores a 3.7 SP1 permite a atacantes remotos causar denegación de servicio (consumo de CPU) a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php http://jvn.jp/en/jp/JVN94245330/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000115 http://products.cybozu.co.jp/garoon/download/update/gr3/fix371sp1.html https://support.cybozu.com/ja-jp/article/6571 • CWE-399: Resource Management Errors •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2013-0701
https://notcve.org/view.php?id=CVE-2013-0701
SQL injection vulnerability in Cybozu Garoon 2.5.0 through 3.5.3 allows remote authenticated users to execute arbitrary SQL commands by leveraging a logging privilege. Vulnerabilidad que permite la inyección de código SQL en Cybozu Garoon v2.5 hasta 3.5.3 que permite a usuarios autenticados ejecutar código arbitrario SQL para elevar privilegios. • http://cs.cybozu.co.jp/information/20130125up02.php http://jvn.jp/en/jp/JVN07629635/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000007 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2013-0702
https://notcve.org/view.php?id=CVE-2013-0702
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 3.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad ante la ejecución de secuencias de comandos en sitios cruzados de Cybozu Garoon v2.0.0 hasta v3.5.3 permite a atacantes remotos inyectar web script o html arbitrarios por vectores sin especificar. • http://cs.cybozu.co.jp/information/20130125up01.php http://jvn.jp/en/jp/JVN95863326/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000008 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •