Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
growi vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2019-5969
Open redirect vulnerability in GROWI v3.4.6 and previous versions allows remote attackersto redirect users to arbitrary web sites and conduct phishing attacks via the process of login.
Weseek Growi
5
CVSSv2
CVE-2019-13337
In WESEEK GROWI prior to 3.5.0, the site-wide basic authentication can be bypassed by adding a URL parameter access_token (this is the parameter used by the API). No valid token is required since it is not validated by the backend. The website can then be browsed as if no basic a...
Weseek Growi
3.5
CVSSv2
CVE-2018-0652
Cross-site scripting vulnerability in GROWI v.3.1.11 and previous versions allows remote authenticated malicious users to inject arbitrary web script or HTML via the UserGroup Management section of admin page.
Weseek Growi
4.3
CVSSv2
CVE-2018-0653
Cross-site scripting vulnerability in GROWI v.3.1.11 and previous versions allows remote malicious users to inject arbitrary web script or HTML via Wiki page view.
Weseek Growi
4.3
CVSSv2
CVE-2018-0654
Cross-site scripting vulnerability in GROWI v.3.1.11 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the modal for creating Wiki page.
Weseek Growi
3.5
CVSSv2
CVE-2018-0655
Cross-site scripting vulnerability in GROWI v.3.1.11 and previous versions allows remote authenticated malicious users to inject arbitrary web script or HTML via the app settings section of admin page.
Weseek Growi
3.5
CVSSv2
CVE-2018-0698
Cross-site scripting vulnerability in GROWI v3.2.3 and previous versions allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Weseek Growi
NA
CVE-2023-49598
Stored cross-site scripting vulnerability exists in the event handlers of the pre tags in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.
Weseek Growi
NA
CVE-2023-49779
Stored cross-site scripting vulnerability exists in the anchor tag of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.
Weseek Growi
NA
CVE-2023-49807
Stored cross-site scripting vulnerability when processing the MathJax exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.
Weseek Growi
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111
CVE-2024-32884
IDOR
CVE-2023-1000
CVE-2024-33260
CVE-2024-3682
reflected XSS
race condition
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »