Launchpad.net

CVE 2016-4908

Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors.

See the CVE page on Mitre.org for more details.

References