CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2017-2172
https://notcve.org/view.php?id=CVE-2017-2172
Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de tipo Cross-site scripting en Cybozu KUNAI para Android versión 3.0.0 hasta 3.0.6, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de vectores no especificados. • https://jvn.jp/en/jp/JVN56588965/index.html https://support.cybozu.com/ja-jp/article/9909 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 27EXPL: 0CVE-2016-1187
https://notcve.org/view.php?id=CVE-2016-1187
Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates. Cybozu KUNAI para iPhone 2.0.3 hasta la versión 3.1.5 y para Android 2.1.2 hasta la versión 3.0.4 no verifica certificados SSL. • http://jvn.jp/en/jp/JVN11994518/index.html http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000060.html https://support.cybozu.com/ja-jp/article/9446 https://support.cybozu.com/ja-jp/article/9495 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •