14 results (0.019 seconds)

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

Android App 'Mailwise for Android' 1.0.0 to 1.0.1 allows an attacker to obtain credential information registered in the product via unspecified vectors. Android App "Mailwise for Android" versiones 1.0.0 hasta 2.5, permite a un atacante obtener información de credenciales registrada en el producto por medio de vectores no especificados. • https://jvn.jp/en/jp/JVN78745667/index.html https://kb.cybozu.support/article/36411 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delete arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en Cybozu Mailwise, desde la versión 5.0.0 hasta la 5.4.5, que permite que un atacante remoto elimine archivos arbitrarios mediante vectores sin especificar. • https://jvn.jp/en/jp/JVN83739174/index.html https://kb.cybozu.support/article/34135 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'Address' via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) en Cybozu Mailwise, de la versión 5.0.0 a la 5.4.1, permite que atacantes remotos autenticados inyecte scripts web o HTML arbitrarios en "Address" mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN52319657/index.html https://support.cybozu.com/ja-jp/article/10196 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'System settings' via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) reflejado en Cybozu Mailwise, de la versión 5.0.0 a la 5.4.1, permite que atacantes remotos autenticados inyecte scripts web o HTML arbitrarios en "System settings" mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN52319657/index.html https://support.cybozu.com/ja-jp/article/10193 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'E-mail Details Screen' via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) persistente en Cybozu Mailwise, de la versión 5.0.0 a la 5.4.1, permite que atacantes remotos autenticados inyecte scripts web o HTML "E-mail Details Screen" arbitrarios mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN52319657/index.html https://support.cybozu.com/ja-jp/article/10194 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •