Cybozu ≫ Garoon

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors.

Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service.

The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites.

Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2.

Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2.

Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2.

Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2.

SQL injection vulnerability in Cybozu Garoon before 4.2.2.

Cybozu Garoon before 4.2.2 does not properly restrict access.

Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use.