Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
weseek growi vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2018-0655
Cross-site scripting vulnerability in GROWI v.3.1.11 and previous versions allows remote authenticated malicious users to inject arbitrary web script or HTML via the app settings section of admin page.
Weseek Growi
7.5
CVSSv3
CVE-2021-3852
growi is vulnerable to Authorization Bypass Through User-Controlled Key
Weseek Growi
7.5
CVSSv3
CVE-2020-5682
Improper input validation in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and previous versions GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and...
Weseek Growi
7.5
CVSSv3
CVE-2020-5683
Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and previous versions GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 se...
Weseek Growi
4.8
CVSSv3
CVE-2021-20673
Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote authenticated malicious users to inject an arbitrary script via unspecified vectors.
Weseek Growi
9.1
CVSSv3
CVE-2021-20736
NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote malicious user to obtain and/or alter the information stored in the database via unspecified vectors.
Weseek Growi
5.4
CVSSv3
CVE-2018-16205
Cross-site scripting vulnerability in GROWI v3.2.3 and previous versions allows remote malicious users to inject arbitrary web script or HTML via New Page modal.
Weseek Growi
7.5
CVSSv3
CVE-2019-13337
In WESEEK GROWI prior to 3.5.0, the site-wide basic authentication can be bypassed by adding a URL parameter access_token (this is the parameter used by the API). No valid token is required since it is not validated by the backend. The website can then be browsed as if no basic a...
Weseek Growi
7.5
CVSSv3
CVE-2020-5676
GROWI v4.1.3 and previous versions allow remote malicious users to obtain information which is not allowed to access via unspecified vectors.
Weseek Growi
6.1
CVSSv3
CVE-2020-5677
Reflected cross-site scripting vulnerability in GROWI v4.0.0 and previous versions allows remote malicious users to inject arbitrary script via unspecified vectors.
Weseek Growi
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »