CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0527
https://notcve.org/view.php?id=CVE-2018-0527
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) en Cybozu Office, de la versión 10.0.0 a la 10.7.0, permite que atacantes remotos autenticados inyecte scripts web o HTML arbitrarios mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN51737843/index.html https://support.cybozu.com/ja-jp/article/10029 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0566
https://notcve.org/view.php?id=CVE-2018-0566
Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors. Cybozu Office, de la versión 10.0.0 a la 10.8.0, permite que los atacantes autenticados omitan la autenticación para obtener los horarios sin el privilegio de acceso mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN51737843/index.html https://support.cybozu.com/ja-jp/article/10195 • CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0526
https://notcve.org/view.php?id=CVE-2018-0526
Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors. Cybozu Office, de la versión 10.0.0 a la 10.7.0, permite que los atacantes muestren una imagen en un servidor externo mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN51737843/index.html https://support.cybozu.com/ja-jp/article/10030 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0567
https://notcve.org/view.php?id=CVE-2018-0567
Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors. Cybozu Office, de la versión 10.0.0 a la 10.8.0, permite que los atacantes autenticados omitan las restricciones de acceso para acceder y escribir datos no públicos mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN51737843/index.html https://support.cybozu.com/ja-jp/article/10198 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0529
https://notcve.org/view.php?id=CVE-2018-0529
Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors. Cybozu Office, de la versión 10.0.0 a la 10.7.0, permite que los atacantes remotos provoquen una denegación de servicio (DoS) mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN51737843/index.html https://support.cybozu.com/ja-jp/article/10052 • CWE-20: Improper Input Validation •