Cybozu Garoon

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Cybozu Garoon.

By the Year

In 2026 there have been 3 vulnerabilities in Cybozu Garoon. Garoon did not have any published security vulnerabilities last year. That is, 3 more vulnerabilities have already been reported in 2026 as compared to last year.

Year	Vulnerabilities	Average Score
2026	3	0.00
2025	0	0.00
2024	9	5.13
2023	3	5.03
2022	19	5.16
2021	23	0.00
2020	16	5.88
2019	26	5.74
2018	10	5.43

It may take a day or so for new Garoon vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Cybozu Garoon Security Vulnerabilities

CVE-2026-22888 Garoon 5.06.0 Portal Settings Input Validation Bypass
CVE-2026-22888 - February 02, 2026

Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product.

Improper Handling of Extra Values

Cybozu Garoon XSS in Message 5.15.06.0.3 enabling password reset
CVE-2026-22881 - February 02, 2026

Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users passwords.

XSS

XSS in Cybozu Garoon 5.0.0-6.0.3 Email Allows Password Reset
CVE-2026-20711 - February 02, 2026

Cross-site scripting vulnerability exists in E-mail function of Cybozu Garoon 5.0.0 to 6.0.3, which may allow an attacker to reset arbitrary users passwords.

XSS

XSS in PDF preview of Cybozu Garoon 6.0.0-6.0.1
CVE-2024-39457 5.4 - Medium - July 19, 2024

Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in users web browser.

XSS

Cybozu Garoon 5.0.0-5.15.2 DoS via Resource Loop in Mail
CVE-2024-31399 6.5 - Medium - June 11, 2024

Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition.

Garoon 5.0-5.15.2 Auth Bypass: Delete Shared To-Do Data
CVE-2024-31402 4.3 - Medium - June 11, 2024

Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos.

AuthZ

CVE-2024-31398: Sensitive Data Leak in Cybozu Garoon 5.0.0-5.15.2 via Sent Data
CVE-2024-31398 4.3 - Medium - June 11, 2024

Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users.

DoS via Extra Value Handling in Cybozu Garoon <5.15.2
CVE-2024-31397 - June 11, 2024

Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product with the administrative privilege may be able to cause a denial-of-service (DoS) condition.

Cybozu Garoon 5.5-6.0 Scheduler Sensitive Data Exposure
CVE-2024-31404 - June 11, 2024

Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler.

XSS in Cybozu Garoon <=5.15.2 (Admin Auth)
CVE-2024-31401 - June 11, 2024

Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product.

Cybozu Garoon 5.0.0-5.15.0 Sensitive Data Leakage via Forwarded Mail
CVE-2024-31400 - June 11, 2024

Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail.

Garoon 5.x Memo Auth Bypass - Cybozu
CVE-2024-31403 - June 11, 2024

Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo.

Cybozu Garoon Message DoS in 4.10.0-5.9.2 (remote authenticated)
CVE-2023-26595 6.5 - Medium - May 23, 2023

Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition.

Resource Exhaustion

CVE-2023-27304: Auth Bypass in Garoon Message/Bulletin (4.6.05.9.2)
CVE-2023-27304 4.3 - Medium - May 23, 2023

Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin.

CVE-2023-27384 Cybozu Garoon <=5.15.0 Multireport Op Restrict Bypass
CVE-2023-27384 4.3 - Medium - May 23, 2023

Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport.

Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1
CVE-2022-29512 6.5 - Medium - July 11, 2022

Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege.

Information Disclosure

Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1
CVE-2022-30602 8.1 - High - July 11, 2022

Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files.

Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1
CVE-2022-30943 4.3 - Medium - July 11, 2022

Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin.

Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1
CVE-2022-31472 4.3 - Medium - July 11, 2022

Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet.

Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1
CVE-2022-26054 4.3 - Medium - July 04, 2022

Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link.

Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1
CVE-2022-27627 6.1 - Medium - July 04, 2022

Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser.

XSS

Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1
CVE-2022-26368 5.4 - Medium - July 04, 2022

Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet.

Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1
CVE-2022-26051 4.3 - Medium - July 04, 2022

Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal.

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions
CVE-2022-29892 6.5 - Medium - July 04, 2022

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS).

Improper Input Validation

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1
CVE-2022-29513 4.8 - Medium - July 04, 2022

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script.

XSS

Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0
CVE-2022-29484 8.1 - High - July 04, 2022

Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.

Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1
CVE-2022-29467 4.3 - Medium - July 04, 2022

Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address.

Information Disclosure

Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1
CVE-2022-28718 4.3 - Medium - July 04, 2022

Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin.

Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1
CVE-2022-28713 5.3 - Medium - July 04, 2022

Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product.

authentification

Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1
CVE-2022-28692 4.3 - Medium - July 04, 2022

Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler.

Improper Input Validation

Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon
CVE-2022-29471 4.3 - Medium - July 04, 2022

Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin.

Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1
CVE-2022-27807 4.3 - Medium - July 04, 2022

Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories.

Improper Input Validation

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1
CVE-2022-27803 4.3 - Medium - July 04, 2022

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space.

Improper Input Validation

Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1
CVE-2022-27661 4.3 - Medium - July 04, 2022

Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow.

There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may
CVE-2021-20773 - August 18, 2021

There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated attacker to delete the route information Workflow without the appropriate privilege.

Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0
CVE-2021-20772 - August 18, 2021

Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the title of Bulletin without the viewing privilege.

Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0
CVE-2021-20771 - August 18, 2021

Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors.

Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2
CVE-2021-20770 - August 18, 2021

Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2
CVE-2021-20769 - August 18, 2021

Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2
CVE-2021-20768 - August 18, 2021

Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to delete the data of Scheduler and MultiReport without the appropriate privilege.

Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2
CVE-2021-20767 - August 18, 2021

Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2
CVE-2021-20766 - August 18, 2021

Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.

Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2
CVE-2021-20765 - August 18, 2021

Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.

Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2
CVE-2021-20764 - August 18, 2021

Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to alter the data of Attaching Files.

Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2
CVE-2021-20754 - August 18, 2021

Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Workflow without the appropriate privilege.

Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2
CVE-2021-20756 - August 18, 2021

Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Address without the viewing privilege.

Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2
CVE-2021-20755 - August 18, 2021

Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the viewing privilege.

Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2
CVE-2021-20757 - August 18, 2021

Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2
CVE-2021-20753 - August 18, 2021

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0
CVE-2021-20775 - August 18, 2021

Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the data of Comment and Space without the viewing privilege.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Cybozu Garoon or by Cybozu? Click the Watch button to subscribe.

Cybozu
Vendor

Cybozu Garoon
Product

Cybozu Garoon

Don't miss out!

By the Year

Recent Cybozu Garoon Security Vulnerabilities

CVE-2026-22888 Garoon 5.06.0 Portal Settings Input Validation Bypass CVE-2026-22888 - February 02, 2026

Cybozu Garoon XSS in Message 5.15.06.0.3 enabling password reset CVE-2026-22881 - February 02, 2026

XSS in Cybozu Garoon 5.0.0-6.0.3 Email Allows Password Reset CVE-2026-20711 - February 02, 2026

XSS in PDF preview of Cybozu Garoon 6.0.0-6.0.1 CVE-2024-39457 5.4 - Medium - July 19, 2024

Cybozu Garoon 5.0.0-5.15.2 DoS via Resource Loop in Mail CVE-2024-31399 6.5 - Medium - June 11, 2024

Garoon 5.0-5.15.2 Auth Bypass: Delete Shared To-Do Data CVE-2024-31402 4.3 - Medium - June 11, 2024

CVE-2024-31398: Sensitive Data Leak in Cybozu Garoon 5.0.0-5.15.2 via Sent Data CVE-2024-31398 4.3 - Medium - June 11, 2024

DoS via Extra Value Handling in Cybozu Garoon <5.15.2 CVE-2024-31397 - June 11, 2024

Cybozu Garoon 5.5-6.0 Scheduler Sensitive Data Exposure CVE-2024-31404 - June 11, 2024

XSS in Cybozu Garoon <=5.15.2 (Admin Auth) CVE-2024-31401 - June 11, 2024

Cybozu Garoon 5.0.0-5.15.0 Sensitive Data Leakage via Forwarded Mail CVE-2024-31400 - June 11, 2024

Garoon 5.x Memo Auth Bypass - Cybozu CVE-2024-31403 - June 11, 2024

Cybozu Garoon Message DoS in 4.10.0-5.9.2 (remote authenticated) CVE-2023-26595 6.5 - Medium - May 23, 2023

CVE-2023-27304: Auth Bypass in Garoon Message/Bulletin (4.6.05.9.2) CVE-2023-27304 4.3 - Medium - May 23, 2023

CVE-2023-27384 Cybozu Garoon <=5.15.0 Multireport Op Restrict Bypass CVE-2023-27384 4.3 - Medium - May 23, 2023

Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 CVE-2022-29512 6.5 - Medium - July 11, 2022

Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 CVE-2022-30602 8.1 - High - July 11, 2022

Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 CVE-2022-30943 4.3 - Medium - July 11, 2022

Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 CVE-2022-31472 4.3 - Medium - July 11, 2022

Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 CVE-2022-26054 4.3 - Medium - July 04, 2022

Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 CVE-2022-27627 6.1 - Medium - July 04, 2022

Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 CVE-2022-26368 5.4 - Medium - July 04, 2022

Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 CVE-2022-26051 4.3 - Medium - July 04, 2022

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions CVE-2022-29892 6.5 - Medium - July 04, 2022

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 CVE-2022-29513 4.8 - Medium - July 04, 2022

Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 CVE-2022-29484 8.1 - High - July 04, 2022

Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 CVE-2022-29467 4.3 - Medium - July 04, 2022

Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 CVE-2022-28718 4.3 - Medium - July 04, 2022

Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 CVE-2022-28713 5.3 - Medium - July 04, 2022

Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 CVE-2022-28692 4.3 - Medium - July 04, 2022

Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon CVE-2022-29471 4.3 - Medium - July 04, 2022

Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 CVE-2022-27807 4.3 - Medium - July 04, 2022

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 CVE-2022-27803 4.3 - Medium - July 04, 2022

Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 CVE-2022-27661 4.3 - Medium - July 04, 2022

There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may CVE-2021-20773 - August 18, 2021

Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 CVE-2021-20772 - August 18, 2021

Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 CVE-2021-20771 - August 18, 2021

Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 CVE-2021-20770 - August 18, 2021

Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 CVE-2021-20769 - August 18, 2021

Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2 CVE-2021-20768 - August 18, 2021

Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 CVE-2021-20767 - August 18, 2021

Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 CVE-2021-20766 - August 18, 2021

Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 CVE-2021-20765 - August 18, 2021

Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 CVE-2021-20764 - August 18, 2021

Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2 CVE-2021-20754 - August 18, 2021

Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 CVE-2021-20756 - August 18, 2021

Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 CVE-2021-20755 - August 18, 2021

Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 CVE-2021-20757 - August 18, 2021

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2 CVE-2021-20753 - August 18, 2021

Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 CVE-2021-20775 - August 18, 2021

Stay on top of Security Vulnerabilities

Cybozu Vendor

Cybozu GaroonProduct

CVE-2026-22888 Garoon 5.06.0 Portal Settings Input Validation Bypass
CVE-2026-22888 - February 02, 2026

Cybozu Garoon XSS in Message 5.15.06.0.3 enabling password reset
CVE-2026-22881 - February 02, 2026

XSS in Cybozu Garoon 5.0.0-6.0.3 Email Allows Password Reset
CVE-2026-20711 - February 02, 2026

XSS in PDF preview of Cybozu Garoon 6.0.0-6.0.1
CVE-2024-39457 5.4 - Medium - July 19, 2024

Cybozu Garoon 5.0.0-5.15.2 DoS via Resource Loop in Mail
CVE-2024-31399 6.5 - Medium - June 11, 2024

Garoon 5.0-5.15.2 Auth Bypass: Delete Shared To-Do Data
CVE-2024-31402 4.3 - Medium - June 11, 2024

CVE-2024-31398: Sensitive Data Leak in Cybozu Garoon 5.0.0-5.15.2 via Sent Data
CVE-2024-31398 4.3 - Medium - June 11, 2024

DoS via Extra Value Handling in Cybozu Garoon <5.15.2
CVE-2024-31397 - June 11, 2024

Cybozu Garoon 5.5-6.0 Scheduler Sensitive Data Exposure
CVE-2024-31404 - June 11, 2024

XSS in Cybozu Garoon <=5.15.2 (Admin Auth)
CVE-2024-31401 - June 11, 2024

Cybozu Garoon 5.0.0-5.15.0 Sensitive Data Leakage via Forwarded Mail
CVE-2024-31400 - June 11, 2024

Garoon 5.x Memo Auth Bypass - Cybozu
CVE-2024-31403 - June 11, 2024

Cybozu Garoon Message DoS in 4.10.0-5.9.2 (remote authenticated)
CVE-2023-26595 6.5 - Medium - May 23, 2023

CVE-2023-27304: Auth Bypass in Garoon Message/Bulletin (4.6.05.9.2)
CVE-2023-27304 4.3 - Medium - May 23, 2023

CVE-2023-27384 Cybozu Garoon <=5.15.0 Multireport Op Restrict Bypass
CVE-2023-27384 4.3 - Medium - May 23, 2023

Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1
CVE-2022-29512 6.5 - Medium - July 11, 2022

Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1
CVE-2022-30602 8.1 - High - July 11, 2022

Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1
CVE-2022-30943 4.3 - Medium - July 11, 2022

Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1
CVE-2022-31472 4.3 - Medium - July 11, 2022

Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1
CVE-2022-26054 4.3 - Medium - July 04, 2022

Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1
CVE-2022-27627 6.1 - Medium - July 04, 2022

Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1
CVE-2022-26368 5.4 - Medium - July 04, 2022

Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1
CVE-2022-26051 4.3 - Medium - July 04, 2022

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions
CVE-2022-29892 6.5 - Medium - July 04, 2022

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1
CVE-2022-29513 4.8 - Medium - July 04, 2022

Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0
CVE-2022-29484 8.1 - High - July 04, 2022

Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1
CVE-2022-29467 4.3 - Medium - July 04, 2022

Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1
CVE-2022-28718 4.3 - Medium - July 04, 2022

Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1
CVE-2022-28713 5.3 - Medium - July 04, 2022

Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1
CVE-2022-28692 4.3 - Medium - July 04, 2022

Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon
CVE-2022-29471 4.3 - Medium - July 04, 2022

Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1
CVE-2022-27807 4.3 - Medium - July 04, 2022

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1
CVE-2022-27803 4.3 - Medium - July 04, 2022

Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1
CVE-2022-27661 4.3 - Medium - July 04, 2022

There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may
CVE-2021-20773 - August 18, 2021

Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0
CVE-2021-20772 - August 18, 2021

Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0
CVE-2021-20771 - August 18, 2021

Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2
CVE-2021-20770 - August 18, 2021

Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2
CVE-2021-20769 - August 18, 2021

Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2
CVE-2021-20768 - August 18, 2021

Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2
CVE-2021-20767 - August 18, 2021

Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2
CVE-2021-20766 - August 18, 2021

Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2
CVE-2021-20765 - August 18, 2021

Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2
CVE-2021-20764 - August 18, 2021

Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2
CVE-2021-20754 - August 18, 2021

Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2
CVE-2021-20756 - August 18, 2021

Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2
CVE-2021-20755 - August 18, 2021

Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2
CVE-2021-20757 - August 18, 2021

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2
CVE-2021-20753 - August 18, 2021

Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0
CVE-2021-20775 - August 18, 2021

Cybozu
Vendor

Cybozu Garoon
Product