CVSS: 6.1EPSS: 0%CPEs: 27EXPL: 0CVE-2016-4906
https://notcve.org/view.php?id=CVE-2016-4906
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai. Una vulnerabilidad de tipo cross-site-scripting en Cybozu Garoon versiones 3.0.0 hasta 4.2.2, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio de la función "Messages" de Cybozu Garoon Keitai. • http://www.securityfocus.com/bid/94969 https://jvn.jp/en/jp/JVN12281353/index.html https://support.cybozu.com/ja-jp/article/9511 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 27EXPL: 0CVE-2016-4907
https://notcve.org/view.php?id=CVE-2016-4907
Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors. Cybozu Garoon versiones 3.0.0 hasta 4.2.2, permite a los atacantes remotos obtener tokens CSRF por medio de vectores no especificados. • http://www.securityfocus.com/bid/94965 https://jvn.jp/en/jp/JVN13218253/index.html https://support.cybozu.com/ja-jp/article/9441 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 27EXPL: 0CVE-2016-4910
https://notcve.org/view.php?id=CVE-2016-4910
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors. Cybozu Garoon versiones 3.0.0 hasta 4.2.2, permite a los atacantes identificados remotos omitir la restricción de acceso para eliminar los filtros MultiReport de otros administradores operativos por medio de vectores no especificados. • http://www.securityfocus.com/bid/94966 https://jvn.jp/en/jp/JVN14631222/index.html https://support.cybozu.com/ja-jp/article/9461 • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 27EXPL: 0CVE-2016-7802
https://notcve.org/view.php?id=CVE-2016-7802
Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors. La vulnerabilidad de salto de directorios en Cybozu Garoon versiones 3.0.0 a 4.2.2 permite a los atacantes autenticados remotos leer archivos arbitrarios a través de vectores no especificados • http://www.securityfocus.com/bid/94967 https://jvn.jp/en/jp/JVN16200242/index.html https://support.cybozu.com/ja-jp/article/9561 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 27EXPL: 0CVE-2016-4909
https://notcve.org/view.php?id=CVE-2016-4909
Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en Cybozu Garoon versiones 3.0.0 hasta 4.2.2, permite a los atacantes remotos secuestrar la identificación de un usuario que ha iniciado sesión para forzar un cierre de sesión por medio de vectores no especificados. • http://www.securityfocus.com/bid/94973 http://www.securityfocus.com/bid/97911 https://jvn.jp/en/jp/JVN15222211/index.html https://support.cybozu.com/ja-jp/article/9459 • CWE-352: Cross-Site Request Forgery (CSRF) •