RSS   Vulnerabilities for 'Garoon'   RSS

2017-04-20
 
CVE-2016-1220

 

 
Cybozu Garoon before 4.2.2 does not properly restrict access.

 
 
CVE-2016-1218

 

 
SQL injection vulnerability in Cybozu Garoon before 4.2.2.

 
 
CVE-2016-1217

 

 
Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2.

 
 
CVE-2016-1216

 

 
Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2.

 
 
CVE-2016-1215

 

 
Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2.

 
 
CVE-2016-1214

 

 
Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2.

 
 
CVE-2016-1213

 

 
The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites.

 
 
CVE-2016-1219

 

 
Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use.

 
2016-06-25
 
CVE-2016-1193

 

 
Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors.

 
 
CVE-2016-1190

 

 
Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors.

 


Copyright 2017, cxsecurity.com