Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
weseek growi vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-5678
Stored cross-site scripting vulnerability in GROWI v3.8.1 and previous versions allows remote malicious users to inject arbitrary script via unspecified vectors.
Weseek Growi
6.1
CVSSv3
CVE-2019-5969
Open redirect vulnerability in GROWI v3.4.6 and previous versions allows remote attackersto redirect users to arbitrary web sites and conduct phishing attacks via the process of login.
Weseek Growi
8.8
CVSSv3
CVE-2019-5968
Cross-site request forgery (CSRF) vulnerability in GROWI v3.4.6 and previous versions allows remote malicious users to hijack the authentication of administrators via updating user's 'Basic Info'.
Weseek Growi
6.1
CVSSv3
CVE-2021-20619
Cross-site scripting vulnerability in GROWI (v4.2 Series) versions prior to v4.2.3 allows remote malicious users to inject an arbitrary script via unspecified vectors.
Weseek Growi
5.4
CVSSv3
CVE-2021-20667
Stored cross-site scripting vulnerability due to inadequate CSP (Content Security Policy) configuration in GROWI versions v4.2.2 and previous versions allows remote authenticated malicious users to inject an arbitrary script via a specially crafted content.
Weseek Growi
2.7
CVSSv3
CVE-2021-20668
Path traversal vulnerability in GROWI versions v4.2.2 and previous versions allows an attacker with administrator rights to read an arbitrary path via a specially crafted URL.
Weseek Growi
4.7
CVSSv3
CVE-2021-20669
Path traversal vulnerability in GROWI versions v4.2.2 and previous versions allows an attacker with administrator rights to read and/or delete an arbitrary path via a specially crafted URL.
Weseek Growi
7.5
CVSSv3
CVE-2021-20670
Improper access control vulnerability in GROWI versions v4.2.2 and previous versions allows a remote unauthenticated malicious user to read the user's personal information and/or server's internal information via unspecified vectors.
Weseek Growi
6.1
CVSSv3
CVE-2021-20672
Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters in GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote malicious users to inject an arbitrary script via unspecified vectors.
Weseek Growi
6.5
CVSSv3
CVE-2021-20737
Improper authentication vulnerability in GROWI versions prior to v4.2.20 allows a remote malicious user to view the unauthorized pages without access privileges via unspecified vectors.
Weseek Growi
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »