CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1216
https://notcve.org/view.php?id=CVE-2016-1216
Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2. Vulnerabilidad XSS en la función "New appointment" en Cybozu Garoon en versiones anteriores a 4.2.2. • http://jvn.jp/en/jp/JVN67595539/index.html http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000145.html http://www.securityfocus.com/bid/92601 https://support.cybozu.com/ja-jp/article/9223 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1217
https://notcve.org/view.php?id=CVE-2016-1217
Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2. Vulnerabilidad XSS en la función "Check available times" en Cybozu Garoon en versiones anteriores a 4.2.2. • http://jvn.jp/en/jp/JVN67595539/index.html http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000146.html http://www.securityfocus.com/bid/92601 https://support.cybozu.com/ja-jp/article/9235 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1220
https://notcve.org/view.php?id=CVE-2016-1220
Cybozu Garoon before 4.2.2 does not properly restrict access. Cybozu Garoon en versiones anteriores a 4.2.2 no restringe correctamente el acceso. • http://jvn.jp/en/jp/JVN93411577/index.html http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000149.html http://www.securityfocus.com/bid/92599 https://support.cybozu.com/ja-jp/article/9407 • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1218
https://notcve.org/view.php?id=CVE-2016-1218
SQL injection vulnerability in Cybozu Garoon before 4.2.2. Vulnerabilidad de inyección SQL en Cybozu Garoon en versiones anteriores a 4.2.2. • http://jvn.jp/en/jp/JVN83568336/index.html http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000147.html http://www.securityfocus.com/bid/92600 https://support.cybozu.com/ja-jp/article/9414 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1214
https://notcve.org/view.php?id=CVE-2016-1214
Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2. Vulnerabilidad XSS en la función "Response request" en Cybozu Garoon en versiones anteriores a 4.2.2. • http://jvn.jp/en/jp/JVN67595539/index.html http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000143.html http://www.securityfocus.com/bid/92601 https://support.cybozu.com/ja-jp/article/9222 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •