
CVE-2024-39457
https://notcve.org/view.php?id=CVE-2024-39457
19 Jul 2024 — Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user’s web browser. • https://jvn.jp/en/jp/JVN74825766 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-31399
https://notcve.org/view.php?id=CVE-2024-31399
11 Jun 2024 — Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition. • https://cs.cybozu.co.jp/2024/007901.html • CWE-400: Uncontrolled Resource Consumption •

CVE-2024-31402
https://notcve.org/view.php?id=CVE-2024-31402
11 Jun 2024 — Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos. • https://cs.cybozu.co.jp/2024/007901.html • CWE-863: Incorrect Authorization •

CVE-2024-31398
https://notcve.org/view.php?id=CVE-2024-31398
11 Jun 2024 — Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users. • https://cs.cybozu.co.jp/2024/007901.html •

CVE-2024-31403
https://notcve.org/view.php?id=CVE-2024-31403
11 Jun 2024 — Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo. • https://cs.cybozu.co.jp/2024/007901.html • CWE-863: Incorrect Authorization •

CVE-2024-31401
https://notcve.org/view.php?id=CVE-2024-31401
11 Jun 2024 — Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product. • https://cs.cybozu.co.jp/2024/007901.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-26595
https://notcve.org/view.php?id=CVE-2023-26595
23 May 2023 — Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition. • https://cs.cybozu.co.jp/2023/007698.html • CWE-400: Uncontrolled Resource Consumption •

CVE-2023-27304
https://notcve.org/view.php?id=CVE-2023-27304
23 May 2023 — Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin. • https://cs.cybozu.co.jp/2023/007698.html • CWE-862: Missing Authorization •

CVE-2023-27384
https://notcve.org/view.php?id=CVE-2023-27384
23 May 2023 — Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport. • https://cs.cybozu.co.jp/2023/007698.html • CWE-863: Incorrect Authorization •

CVE-2022-31472
https://notcve.org/view.php?id=CVE-2022-31472
11 Jul 2022 — Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet. • https://cs.cybozu.co.jp/2022/007429.html •