Filtered by vendor Cybozu Subscriptions
Filtered by product Garoon Subscriptions
Total 194 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-2257 1 Cybozu 1 Garoon 2025-04-20 N/A
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function.
CVE-2016-7803 1 Cybozu 1 Garoon 2025-04-20 N/A
SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function.
CVE-2016-1217 1 Cybozu 1 Garoon 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2.
CVE-2016-1220 1 Cybozu 1 Garoon 2025-04-20 N/A
Cybozu Garoon before 4.2.2 does not properly restrict access.
CVE-2016-7802 1 Cybozu 1 Garoon 2025-04-20 N/A
Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
CVE-2017-2145 1 Cybozu 1 Garoon 2025-04-20 N/A
Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors.
CVE-2016-4907 1 Cybozu 1 Garoon 2025-04-20 N/A
Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.
CVE-2016-1194 1 Cybozu 1 Garoon 2025-04-20 N/A
Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service.
CVE-2016-1216 1 Cybozu 1 Garoon 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2.
CVE-2017-2146 1 Cybozu 1 Garoon 2025-04-20 N/A
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu.
CVE-2016-4908 1 Cybozu 1 Garoon 2025-04-20 N/A
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors.
CVE-2016-1218 1 Cybozu 1 Garoon 2025-04-20 N/A
SQL injection vulnerability in Cybozu Garoon before 4.2.2.
CVE-2016-1219 1 Cybozu 1 Garoon 2025-04-20 N/A
Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use.
CVE-2017-2093 1 Cybozu 1 Garoon 2025-04-20 N/A
Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors.
CVE-2015-5647 1 Cybozu 1 Garoon 2025-04-12 N/A
The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866.
CVE-2014-1989 1 Cybozu 1 Garoon 2025-04-12 N/A
Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to bypass intended access restrictions and delete schedule information via unspecified API calls.
CVE-2014-1993 1 Cybozu 1 Garoon 2025-04-12 N/A
The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
CVE-2014-0817 1 Cybozu 1 Garoon 2025-04-12 N/A
Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors.
CVE-2015-7776 1 Cybozu 1 Garoon 2025-04-12 N/A
Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196.
CVE-2016-1193 1 Cybozu 1 Garoon 2025-04-12 N/A
Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors.