Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors.
Max CVSS
6.1
EPSS Score
0.10%
Published
2022-08-18
Updated
2022-08-19
HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors.
Max CVSS
6.5
EPSS Score
0.13%
Published
2022-08-18
Updated
2022-08-19
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.
Max CVSS
6.1
EPSS Score
0.10%
Published
2022-08-18
Updated
2022-08-19
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.
Max CVSS
6.1
EPSS Score
0.10%
Published
2022-08-18
Updated
2022-08-19
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.
Max CVSS
6.1
EPSS Score
0.10%
Published
2022-08-18
Updated
2022-08-19
Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attacker to alter the data of Custom App via unspecified vectors.
Max CVSS
6.5
EPSS Score
0.05%
Published
2021-03-18
Updated
2021-03-23
Cross-site scripting vulnerability in E-mail of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors.
Max CVSS
6.1
EPSS Score
0.12%
Published
2021-03-18
Updated
2021-03-23
Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Note that this vulnerability occurs only when using Mozilla Firefox.
Max CVSS
6.1
EPSS Score
0.12%
Published
2021-03-18
Updated
2021-03-23
Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors.
Max CVSS
6.1
EPSS Score
0.12%
Published
2021-03-18
Updated
2021-03-23
Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and alter the data of Workflow via unspecified vectors.
Max CVSS
6.5
EPSS Score
0.05%
Published
2021-03-18
Updated
2022-07-12
Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Scheduler via unspecified vectors.
Max CVSS
6.5
EPSS Score
0.05%
Published
2021-03-18
Updated
2022-07-12
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the 'Customapp' function.
Max CVSS
6.5
EPSS Score
0.10%
Published
2019-12-26
Updated
2019-12-30
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen.
Max CVSS
7.5
EPSS Score
0.20%
Published
2019-01-09
Updated
2019-01-15
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests.
Max CVSS
7.5
EPSS Score
0.20%
Published
2019-01-09
Updated
2019-01-15
Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors.
Max CVSS
6.5
EPSS Score
0.07%
Published
2018-06-26
Updated
2019-10-03
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
6.1
EPSS Score
0.09%
Published
2018-06-26
Updated
2018-08-08
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
6.1
EPSS Score
0.09%
Published
2018-06-26
Updated
2018-08-09
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service.
Max CVSS
6.8
EPSS Score
0.27%
Published
2017-04-17
Updated
2017-04-20
Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed.
Max CVSS
6.5
EPSS Score
0.22%
Published
2017-04-17
Updated
2017-05-23
customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service via unspecified vectors, a different vulnerability than CVE-2015-8489.
Max CVSS
6.8
EPSS Score
0.25%
Published
2016-02-17
Updated
2018-10-30
Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users.
Max CVSS
8.8
EPSS Score
0.16%
Published
2016-02-17
Updated
2016-02-22
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1149.
Max CVSS
6.1
EPSS Score
0.27%
Published
2016-02-17
Updated
2016-02-22
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1150.
Max CVSS
6.1
EPSS Score
0.27%
Published
2016-02-17
Updated
2016-02-22
customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service (excessive database locking) via a crafted CSV file, a different vulnerability than CVE-2016-1153.
Max CVSS
6.8
EPSS Score
0.25%
Published
2016-02-17
Updated
2016-02-22
Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
Max CVSS
7.4
EPSS Score
0.29%
Published
2016-02-17
Updated
2016-02-22