73 matches found
Weseek GROWI Security Vulnerability
Weseek GROWI is a team collaboration software from Weseek Japan. A security vulnerability exists in Weseek GROWI versions prior to v6.0.0. An attacker could exploit this vulnerability to conduct cross-site scripting attacks...
WESEEK GROWI Security Breach
Weseek GROWI is a team collaboration software package from Weseek Japan. A security vulnerability exists in WESEEK GROWI versions prior to v6.0.0. An attacker could exploit this vulnerability to perform cross-site request forgery attacks...
JVN#18715935: Multiple vulnerabilities in GROWI
GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in the presentation feature CWE-79 - CVE-2023-42436 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...
Weseek GROWI 安全漏洞
Weseek GROWI is a suite of team collaboration software from Weseek Japan. A security vulnerability exists in Weseek GROWI v5 series versions prior to v5.1.4 and v4 series versions prior to v4.5.25, which stems from an access restriction failure and can be exploited by an attacker to view...
CVE-2022-1236
Weak Password Requirements in GitHub repository weseek/growi prior to v5.0.0...
CVE-2022-1236 Weak Password Requirements in weseek/growi
Weak Password Requirements in GitHub repository weseek/growi prior to v5.0.0...
CVE-2022-1236 Weak Password Requirements in weseek/growi
Weak Password Requirements in GitHub repository weseek/growi prior to v5.0.0...
Growi 安全漏洞
Weseek Growi is an open source wiki system that can be written in Markdown by the Japanese company Weseek. A security vulnerability exists in the GitHub repository weseek/growi prior to version 5.0.0, which stems from a low password requirement...
CVE-2021-3852 Authorization Bypass Through User-Controlled Key in weseek/growi
growi is vulnerable to Authorization Bypass Through User-Controlled Key...
Weseek growi 安全漏洞
Weseek Growi is an open source wiki system that can be written in Markdown by the Japanese company Weseek. Weseek growi suffers from a security vulnerability that allows an attacker to bypass authorization with a user-controlled key...
in weseek/growi
✍️ Description In following endpoint don't check the authorization of users and any user can delete other users comments /api/comments.remove the body of request is like this : "commentid" : "61393bb36970d0000c62b3cf" , "csrf" : any user receive all commentid and can easily replace other users...
WESEEK GROWI Input Validation Error Vulnerability (CNVD-2021-43488)
Weseek GROWI is a suite of team collaboration software from Weseek Japan. An input validation error vulnerability exists in WESEEK GROWI that arises from a network system or product that does not properly validate input data. A remote attacker could exploit this vulnerability to obtain or tamper...
WESEEK GROWI Access Control Error Vulnerability (CNVD-2021-43487)
Weseek GROWI is a suite of team collaboration software from Weseek Japan. An access control error vulnerability exists in WESEEK GROWI that originates from an error in the handling of authentication requests. A remote, authenticated attacker could exploit the vulnerability to view unauthorized...
Weseek GROWI 授权问题漏洞
Weseek GROWI is a suite of team collaboration software from Weseek Japan. An access control error vulnerability exists in WESEEK GROWI that originates from an error in the handling of authentication requests. A remote, authenticated attacker could exploit the vulnerability to view unauthorized...
JVN#95457785: Multiple vulnerabilities in GROWI
GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. NoSQL injection CWE-943 - CVE-2021-20736 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L| Base Score: 7.3 CVSS v2| AV:N/AC:L/Au:N/C:P/I:P/A:P| Base Score: 7.5 Improper...
Weseek GROWI 注入漏洞
Weseek GROWI is a suite of team collaboration software from Weseek Japan. An input validation error vulnerability exists in WESEEK GROWI that arises from a network system or product that does not properly validate input data. A remote attacker could exploit this vulnerability to obtain or tamper...
GROWI Cross-Site Scripting Vulnerability (CNVD-2021-19694)
Weseek GROWI is a suite of team collaboration software from Weseek Japan. A stored cross-site scripting vulnerability exists in the administrator page in GROWI 4.2.0 - 4.2.7. An attacker can exploit this vulnerability to execute arbitrary script in a logged-in user's web browser...
GROWI Cross-Site Scripting Vulnerability (CNVD-2021-19695)
Weseek GROWI is a suite of team collaboration software from Weseek Japan. A reflected cross-site scripting vulnerability exists in GROWI 4.2.0 - 4.2.7. The vulnerability stems from insufficient validation of URL query parameters. An attacker can exploit this vulnerability to execute arbitrary...
JVN#86438134: Multiple cross-site scripting vulnerabilities in GROWI
GROWI provided by WESEEK, Inc. contains multiple cross-site scripting vulnerabilities listed below. Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters CWE-79 - CVE-2021-20672 Version| Vector| Score ---|---|--- CVSS v3|...
Weseek GROWI 跨站脚本漏洞
Weseek GROWI is a suite of team collaboration software from Weseek Japan. A reflected cross-site scripting vulnerability exists in GROWI 4.2.0 - 4.2.7. The vulnerability stems from insufficient validation of URL query parameters. An attacker can exploit this vulnerability to execute arbitrary...