Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
growi vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2021-20737
Improper authentication vulnerability in GROWI versions prior to v4.2.20 allows a remote malicious user to view the unauthorized pages without access privileges via unspecified vectors.
Weseek Growi
4
CVSSv2
CVE-2021-20668
Path traversal vulnerability in GROWI versions v4.2.2 and previous versions allows an attacker with administrator rights to read an arbitrary path via a specially crafted URL.
Weseek Growi
3.5
CVSSv2
CVE-2021-20667
Stored cross-site scripting vulnerability due to inadequate CSP (Content Security Policy) configuration in GROWI versions v4.2.2 and previous versions allows remote authenticated malicious users to inject an arbitrary script via a specially crafted content.
Weseek Growi
3.5
CVSSv2
CVE-2021-20673
Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote authenticated malicious users to inject an arbitrary script via unspecified vectors.
Weseek Growi
3.5
CVSSv2
CVE-2018-16205
Cross-site scripting vulnerability in GROWI v3.2.3 and previous versions allows remote malicious users to inject arbitrary web script or HTML via New Page modal.
Weseek Growi
3.5
CVSSv2
CVE-2018-0698
Cross-site scripting vulnerability in GROWI v3.2.3 and previous versions allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Weseek Growi
3.5
CVSSv2
CVE-2018-0652
Cross-site scripting vulnerability in GROWI v.3.1.11 and previous versions allows remote authenticated malicious users to inject arbitrary web script or HTML via the UserGroup Management section of admin page.
Weseek Growi
3.5
CVSSv2
CVE-2018-0655
Cross-site scripting vulnerability in GROWI v.3.1.11 and previous versions allows remote authenticated malicious users to inject arbitrary web script or HTML via the app settings section of admin page.
Weseek Growi
NA
CVE-2023-47215
Stored cross-site scripting vulnerability which is exploiting a behavior of the XSS Filter exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.
Weseek Growi
NA
CVE-2023-49779
Stored cross-site scripting vulnerability exists in the anchor tag of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.
Weseek Growi
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege
CVE-2022-48762
CVE-2022-48751
CVE-2024-37079
CVE-2024-30848
LFI
man-in-the-middle
CVE-2022-48736
CVE-2024-30103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »