Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
weseek growi vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-50175
Stored cross-site scripting vulnerability exists in the App Settings (/admin/app) page, the Markdown Settings (/admin/markdown) page, and the Customize (/admin/customize) page of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be execut...
Weseek Growi
NA
CVE-2023-50294
The App Settings (/admin/app) page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. As a result, the Secret access key for external service may be obtained by an attacker who can access the App Settings page.
Weseek Growi
NA
CVE-2023-50332
Improper authorization vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.0.6. If this vulnerability is exploited, a user may delete or suspend its own account without the user's intention.
Weseek Growi
NA
CVE-2023-50339
Stored cross-site scripting vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.1.11. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.
Weseek Growi
5
CVSSv2
CVE-2021-3852
growi is vulnerable to Authorization Bypass Through User-Controlled Key
Weseek Growi
NA
CVE-2023-49119
Stored cross-site scripting vulnerability via the img tags exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.
Weseek Growi
6.4
CVSSv2
CVE-2022-1236
Weak Password Requirements in GitHub repository weseek/growi prior to v5.0.0.
Weseek Growi
NA
CVE-2023-46699
Cross-site request forgery (CSRF) vulnerability exists in the User settings (/me) page of GROWI versions prior to v6.0.0. If a user views a malicious page while logging in, settings may be changed without the user's intention.
Weseek Growi
5
CVSSv2
CVE-2019-13338
In WESEEK GROWI prior to 3.5.0, a remote attacker can obtain the password hash of the creator of a page by leveraging wiki access to make API calls for page metadata. In other words, the password hash can be retrieved even though it is not a publicly available field.
Weseek Growi
4.3
CVSSv2
CVE-2020-5677
Reflected cross-site scripting vulnerability in GROWI v4.0.0 and previous versions allows remote malicious users to inject arbitrary script via unspecified vectors.
Weseek Growi
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111
CVE-2024-32884
IDOR
CVE-2023-1000
CVE-2024-33260
CVE-2024-3682
reflected XSS
race condition
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »