CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0527
https://notcve.org/view.php?id=CVE-2018-0527
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) en Cybozu Office, de la versión 10.0.0 a la 10.7.0, permite que atacantes remotos autenticados inyecte scripts web o HTML arbitrarios mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN51737843/index.html https://support.cybozu.com/ja-jp/article/10029 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0526
https://notcve.org/view.php?id=CVE-2018-0526
Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors. Cybozu Office, de la versión 10.0.0 a la 10.7.0, permite que los atacantes muestren una imagen en un servidor externo mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN51737843/index.html https://support.cybozu.com/ja-jp/article/10030 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0567
https://notcve.org/view.php?id=CVE-2018-0567
Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors. Cybozu Office, de la versión 10.0.0 a la 10.8.0, permite que los atacantes autenticados omitan las restricciones de acceso para acceder y escribir datos no públicos mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN51737843/index.html https://support.cybozu.com/ja-jp/article/10198 •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0549
https://notcve.org/view.php?id=CVE-2018-0549
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) en Cybozu Garoon, de la versión 3.0.0 a la 4.6.0, permite que atacantes remotos autenticados inyecte scripts web o HTML arbitrarios mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN65268217/index.html https://support.cybozu.com/ja-jp/article/10058 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0533
https://notcve.org/view.php?id=CVE-2018-0533
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of session authentication via unspecified vectors. Cybozu Garoon, de la versión 3.0.0 a la 4.2.6, permite que los atacantes remotos autenticados omitan las restricciones de acceso para alterar datos de configuración de la autenticación de sesión mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN65268217/index.html https://support.cybozu.com/ja-jp/article/9375 •