CVE-2015-7776

4.3 MEDIUM

Published: June 19, 2016 Modified: May 06, 2026

Description

Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://jvn.jp/en/jp/JVN53542912/index.html

Source: vultures@jpcert.or.jp

Vendor Advisory

http://jvndb.jvn.jp/jvndb/JVNDB-2016-000085

Source: vultures@jpcert.or.jp

Vendor Advisory

https://support.cybozu.com/ja-jp/article/8757

Source: vultures@jpcert.or.jp

Patch Vendor Advisory

https://support.cybozu.com/ja-jp/article/8897

Source: vultures@jpcert.or.jp

Patch Vendor Advisory

https://support.cybozu.com/ja-jp/article/8951

Source: vultures@jpcert.or.jp

Patch Vendor Advisory

https://support.cybozu.com/ja-jp/article/8982

Source: vultures@jpcert.or.jp

Patch Vendor Advisory

http://jvn.jp/en/jp/JVN53542912/index.html