Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
growi vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2019-5968
Cross-site request forgery (CSRF) vulnerability in GROWI v3.4.6 and previous versions allows remote malicious users to hijack the authentication of administrators via updating user's 'Basic Info'.
Weseek Growi
516
VMScore
CVE-2019-5969
Open redirect vulnerability in GROWI v3.4.6 and previous versions allows remote attackersto redirect users to arbitrary web sites and conduct phishing attacks via the process of login.
Weseek Growi
445
VMScore
CVE-2020-5683
Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and previous versions GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 se...
Weseek Growi
NA
CVE-2023-45737
Stored cross-site scripting vulnerability exists in the App Settings (/admin/app) page and the Markdown Settings (/admin/markdown) page of GROWI versions prior to v3.5.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who ac...
Weseek Growi
NA
CVE-2023-46699
Cross-site request forgery (CSRF) vulnerability exists in the User settings (/me) page of GROWI versions prior to v6.0.0. If a user views a malicious page while logging in, settings may be changed without the user's intention.
Weseek Growi
NA
CVE-2023-47215
Stored cross-site scripting vulnerability which is exploiting a behavior of the XSS Filter exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.
Weseek Growi
NA
CVE-2023-49598
Stored cross-site scripting vulnerability exists in the event handlers of the pre tags in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.
Weseek Growi
312
VMScore
CVE-2018-0652
Cross-site scripting vulnerability in GROWI v.3.1.11 and previous versions allows remote authenticated malicious users to inject arbitrary web script or HTML via the UserGroup Management section of admin page.
Weseek Growi
383
VMScore
CVE-2021-20829
Cross-site scripting vulnerability due to the inadequate tag sanitization in GROWI versions v4.2.19 and previous versions allows remote malicious users to execute an arbitrary script on the web browser of the user who accesses a specially crafted page.
Weseek Growi
445
VMScore
CVE-2019-13338
In WESEEK GROWI prior to 3.5.0, a remote attacker can obtain the password hash of the creator of a page by leveraging wiki access to make API calls for page metadata. In other words, the password hash can be retrieved even though it is not a publicly available field.
Weseek Growi
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »