CVE-2015-7776

EUVD-2015-7675
Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
Affected Products (NVD)
VendorProductVersion
cybozugaroon
3.0.0
cybozugaroon
3.0.1
cybozugaroon
3.0.2
cybozugaroon
3.0.3
cybozugaroon
3.1.0
cybozugaroon
3.1.1
cybozugaroon
3.1.2
cybozugaroon
3.1.3
cybozugaroon
3.5.0
cybozugaroon
3.5.1
cybozugaroon
3.5.2
cybozugaroon
3.5.3
cybozugaroon
3.5.4
cybozugaroon
3.5.5
cybozugaroon
3.7.0
cybozugaroon
3.7.1
cybozugaroon
3.7.2
cybozugaroon
3.7.3
cybozugaroon
3.7.4
cybozugaroon
3.7.5
cybozugaroon
4.0.0
cybozugaroon
4.0.1
cybozugaroon
4.0.2
cybozugaroon
4.0.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://jvn.jp/en/jp/JVN53542912/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000085
https://support.cybozu.com/ja-jp/article/8757
https://support.cybozu.com/ja-jp/article/8897
https://support.cybozu.com/ja-jp/article/8951
https://support.cybozu.com/ja-jp/article/8982
http://jvn.jp/en/jp/JVN53542912/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000085
https://support.cybozu.com/ja-jp/article/8757
https://support.cybozu.com/ja-jp/article/8897
https://support.cybozu.com/ja-jp/article/8951
https://support.cybozu.com/ja-jp/article/8982