Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
weseek growi vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-5677
Reflected cross-site scripting vulnerability in GROWI v4.0.0 and previous versions allows remote malicious users to inject arbitrary script via unspecified vectors.
Weseek Growi
6.1
CVSSv3
CVE-2020-5678
Stored cross-site scripting vulnerability in GROWI v3.8.1 and previous versions allows remote malicious users to inject arbitrary script via unspecified vectors.
Weseek Growi
7.5
CVSSv3
CVE-2019-13337
In WESEEK GROWI prior to 3.5.0, the site-wide basic authentication can be bypassed by adding a URL parameter access_token (this is the parameter used by the API). No valid token is required since it is not validated by the backend. The website can then be browsed as if no basic a...
Weseek Growi
7.5
CVSSv3
CVE-2019-13338
In WESEEK GROWI prior to 3.5.0, a remote attacker can obtain the password hash of the creator of a page by leveraging wiki access to make API calls for page metadata. In other words, the password hash can be retrieved even though it is not a publicly available field.
Weseek Growi
6.1
CVSSv3
CVE-2019-5969
Open redirect vulnerability in GROWI v3.4.6 and previous versions allows remote attackersto redirect users to arbitrary web sites and conduct phishing attacks via the process of login.
Weseek Growi
8.8
CVSSv3
CVE-2019-5968
Cross-site request forgery (CSRF) vulnerability in GROWI v3.4.6 and previous versions allows remote malicious users to hijack the authentication of administrators via updating user's 'Basic Info'.
Weseek Growi
5.4
CVSSv3
CVE-2018-16205
Cross-site scripting vulnerability in GROWI v3.2.3 and previous versions allows remote malicious users to inject arbitrary web script or HTML via New Page modal.
Weseek Growi
5.4
CVSSv3
CVE-2018-0698
Cross-site scripting vulnerability in GROWI v3.2.3 and previous versions allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Weseek Growi
6.1
CVSSv3
CVE-2018-0654
Cross-site scripting vulnerability in GROWI v.3.1.11 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the modal for creating Wiki page.
Weseek Growi
4.8
CVSSv3
CVE-2018-0655
Cross-site scripting vulnerability in GROWI v.3.1.11 and previous versions allows remote authenticated malicious users to inject arbitrary web script or HTML via the app settings section of admin page.
Weseek Growi
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-28995
CVE-2024-36680
CVE-2024-35537
unauthorized
CVE-2024-21518
CVE-2024-37673
cross-site scripting
SSRF
CVE-2024-6241
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »