Vulnerability CVE-2016-4865

Vulnerability CVE-2016-4865

Published: 2017-04-17

Description:

Version:

9.9.0
9.3.2
9.3.1
9.3.0

9.2.1
9.2.0
9.1.0
9.0

10.4.0
10.3.0
10.2.0
10.1.2

10.1.0
10.0.2
10.0.1
10.0.0

CVSS Base Score	Impact Subscore	Exploitability Subscore
3.5/10	2.9/10	6.8/10

http://jvn.jp/en/jp/JVN06726266/index.html

http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000184.html

http://www.securityfocus.com/bid/93281

https://support.cybozu.com/ja-jp/article/9430

	Related CVE
CVE-2017-10857	Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function.
CVE-2017-2258	Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications".
CVE-2017-2257	Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function.
CVE-2017-2255	Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Space".
CVE-2017-2256	Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Memo".
CVE-2017-2254	Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input
CVE-2017-2172	Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-2146	Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu.