Check CVE Id
Check CWE Id
The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site.
(Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') )
CVSS Base Score
The "Project" function in Cybozu Office 9.0.0 through 10.4.0 does not properly check access permissions, which allows remote authenticated users to alter project information.
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack.
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to obtain session information from users.
Cross-site scripting (XSS) vulnerability in "Schedule" function in Cybozu Office 9.0.0 through 10.4.0.
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service.
The "breadcrumb trail" component in Cybozu Office 9.0.0 through 10.4.0 allows remote authenticated users to read the names of closed projects.
Cross-site scripting (XSS) vulnerability in the "Project" function in Cybozu Office 9.0.0 through 10.4.0.
The "Project" function in Cybozu 9.0.0 through 10.4.0 allows remote authenticated users to read closed project information.