Ken Asai

**Name of the Vulnerable Software and Affected Versions** Nippon Institute of Agroinformatics SOY CMS versions 1.4.0c and earlier **Description** The issue is related to a cross-site scripting (XSS) vulnerability, which allows remote attackers to inject arbitrary web script or HTML. This can be achieved via unspecified vectors. **Recommendations** For versions 1.4.0c and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cybozu Garoon versions 2.5.0 through 3.5.3 **Description** The issue allows remote authenticated users to execute arbitrary SQL commands by leveraging a logging privilege. **Recommendations** For Cybozu Garoon versions 2.5.0 through 3.5.3, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cybozu Garoon versions 2.0.0 through 3.5.3 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For Cybozu Garoon versions 2.0.0 through 3.5.3, update to a version that contains a fix for this issue.