CVSS: 5.4EPSS: 0%CPEs: 31EXPL: 0CVE-2013-6914
https://notcve.org/view.php?id=CVE-2013-6914
05 Dec 2013 — Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en un componente de calendario en Cybozu Garoon anteriores a 3.7.2 permite a usuarios autenticados remotamente inyectar scripts web o HTML arbitrarios a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 31EXPL: 0CVE-2013-6915
https://notcve.org/view.php?id=CVE-2013-6915
05 Dec 2013 — Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en un componente de administración del sistema en Cybozu Garoon anteriores a 3.7.2 permite a usuarios autenticados remotamente inyectar scripts web o HTML arbitrarios a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 65EXPL: 0CVE-2013-6916
https://notcve.org/view.php?id=CVE-2013-6916
05 Dec 2013 — Cross-site scripting (XSS) vulnerability in the Yahoo! User Interface Library in Cybozu Garoon before 3.7.2, when Internet Explorer 9 or 10 or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en la Yahoo! User Interface Library en Cybozu Garoon anteriores a 3.7.2, cuando Internet Explorer 9 o 10, o Chrome son utilizados, permite a atacantes remotos inyectar scripts web o HTML arbitrarios a través de vectores ... • http://cs.cybozu.co.jp/information/20131202up01.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 30EXPL: 0CVE-2013-6001
https://notcve.org/view.php?id=CVE-2013-6001
05 Dec 2013 — SQL injection vulnerability in the Space function in Cybozu Garoon before 3.7 SP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la función Space en Cybozu Garoon anteriores a 3.7 SP1 permite a atacantes autenticados remotamente ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2013-6002
https://notcve.org/view.php?id=CVE-2013-6002
05 Dec 2013 — The server in Cybozu Garoon before 3.7 SP1 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. El servidor en Cybozu Garoon anteriores a 3.7 SP1 permite a atacantes remotos causar denegación de servicio (consumo de CPU) a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php • CWE-399: Resource Management Errors •
CVSS: 9.1EPSS: 0%CPEs: 31EXPL: 0CVE-2013-6004
https://notcve.org/view.php?id=CVE-2013-6004
05 Dec 2013 — Session fixation vulnerability in Cybozu Garoon before 3.7.2 allows remote attackers to hijack web sessions via unspecified vectors. Vulnerabilidad de fijación de sesión en Cygozu Garoon anteriores a 3.7.2 permite a atacantes remotos secuestrar sesiones web a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 0CVE-2013-0702
https://notcve.org/view.php?id=CVE-2013-0702
14 Feb 2013 — Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 3.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad ante la ejecución de secuencias de comandos en sitios cruzados de Cybozu Garoon v2.0.0 hasta v3.5.3 permite a atacantes remotos inyectar web script o html arbitrarios por vectores sin especificar. • http://cs.cybozu.co.jp/information/20130125up01.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0CVE-2011-1332
https://notcve.org/view.php?id=CVE-2011-1332
29 Jun 2011 — Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-6570. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Cybozu Office v6 y Cybozu Garoon v2.0.0 hasta v2.1.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. Una vulnerabilidad diferente de CVE-2008-6570. • http://cybozu.co.jp/products/dl/notice/detail/0023.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2011-1333
https://notcve.org/view.php?id=CVE-2011-1333
29 Jun 2011 — Cross-site scripting (XSS) vulnerability in Cybozu Office 6 and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from the bulletin board system." Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Cybozu Office v6 y Cybozu Garoon v2.0.0 hasta v2.1.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con "la descarga de archivos... • http://cybozu.co.jp/products/dl/notice/detail/0019.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 25EXPL: 0CVE-2011-1334
https://notcve.org/view.php?id=CVE-2011-1334
29 Jun 2011 — Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from the mail system." Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Cybozu Office v6, Cybozu Garoon v2.0.0 hasta v2.1.3, Cybozu Dezie antes de v6.1, Cybozu MailWise antes de v3.1, ... • http://cybozu.co.jp/products/dl/notice/detail/0019.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •