CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0702
https://notcve.org/view.php?id=CVE-2018-0702
Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delete arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en Cybozu Mailwise, desde la versión 5.0.0 hasta la 5.4.5, que permite que un atacante remoto elimine archivos arbitrarios mediante vectores sin especificar. • https://jvn.jp/en/jp/JVN83739174/index.html https://kb.cybozu.support/article/34135 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0559
https://notcve.org/view.php?id=CVE-2018-0559
Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'Address' via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) en Cybozu Mailwise, de la versión 5.0.0 a la 5.4.1, permite que atacantes remotos autenticados inyecte scripts web o HTML arbitrarios en "Address" mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN52319657/index.html https://support.cybozu.com/ja-jp/article/10196 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0558
https://notcve.org/view.php?id=CVE-2018-0558
Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'System settings' via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) reflejado en Cybozu Mailwise, de la versión 5.0.0 a la 5.4.1, permite que atacantes remotos autenticados inyecte scripts web o HTML arbitrarios en "System settings" mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN52319657/index.html https://support.cybozu.com/ja-jp/article/10193 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0557
https://notcve.org/view.php?id=CVE-2018-0557
Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'E-mail Details Screen' via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) persistente en Cybozu Mailwise, de la versión 5.0.0 a la 5.4.1, permite que atacantes remotos autenticados inyecte scripts web o HTML "E-mail Details Screen" arbitrarios mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN52319657/index.html https://support.cybozu.com/ja-jp/article/10194 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0CVE-2016-4841
https://notcve.org/view.php?id=CVE-2016-4841
Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers. Cybozu Mailwise en versiones anteriores a 5.4.0 permite a atacantes inyectar las cabeceras de email arbitrarios. • http://jvn.jp/en/jp/JVN01353821/index.html http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000135.html http://www.securityfocus.com/bid/92459 https://support.cybozu.com/ja-jp/article/9607 • CWE-20: Improper Input Validation •