Lucene search
+L

73 matches found

CNNVD
CNNVD
added 2023/12/13 12:0 a.m.5 views

Weseek GROWI Security Vulnerability

Weseek GROWI is a team collaboration software from Weseek Japan. A security vulnerability exists in Weseek GROWI versions prior to v6.0.0. An attacker could exploit this vulnerability to conduct cross-site scripting attacks...

5.4CVSS6AI score0.00355EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/12/13 12:0 a.m.4 views

WESEEK GROWI Security Breach

Weseek GROWI is a team collaboration software package from Weseek Japan. A security vulnerability exists in WESEEK GROWI versions prior to v6.0.0. An attacker could exploit this vulnerability to perform cross-site request forgery attacks...

4.3CVSS6.7AI score0.00178EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/12/13 12:0 a.m.25 views

JVN#18715935: Multiple vulnerabilities in GROWI

GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in the presentation feature CWE-79 - CVE-2023-42436 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...

6.5CVSS6AI score0.0045EPSS
Exploits0
CNNVD
CNNVD
added 2022/10/07 12:0 a.m.6 views

Weseek GROWI 安全漏洞

Weseek GROWI is a suite of team collaboration software from Weseek Japan. A security vulnerability exists in Weseek GROWI v5 series versions prior to v5.1.4 and v4 series versions prior to v4.5.25, which stems from an access restriction failure and can be exploited by an attacker to view...

6.5CVSS5.7AI score0.00782EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/04/05 9:15 a.m.6 views

CVE-2022-1236

Weak Password Requirements in GitHub repository weseek/growi prior to v5.0.0...

6.5CVSS5.6AI score0.00535EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/04/05 8:25 a.m.25 views

CVE-2022-1236 Weak Password Requirements in weseek/growi

Weak Password Requirements in GitHub repository weseek/growi prior to v5.0.0...

4.3CVSS6.7AI score0.00535EPSS
Exploits0References2
OSV
OSV
added 2022/04/05 8:25 a.m.18 views

CVE-2022-1236 Weak Password Requirements in weseek/growi

Weak Password Requirements in GitHub repository weseek/growi prior to v5.0.0...

4.3CVSS4.9AI score0.00535EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/04/05 12:0 a.m.5 views

Growi 安全漏洞

Weseek Growi is an open source wiki system that can be written in Markdown by the Japanese company Weseek. A security vulnerability exists in the GitHub repository weseek/growi prior to version 5.0.0, which stems from a low password requirement...

6.5CVSS5.4AI score0.00535EPSS
Exploits0References5
Cvelist
Cvelist
added 2022/01/12 10:15 a.m.28 views

CVE-2021-3852 Authorization Bypass Through User-Controlled Key in weseek/growi

growi is vulnerable to Authorization Bypass Through User-Controlled Key...

6.3CVSS7.7AI score0.00808EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/01/12 12:0 a.m.6 views

Weseek growi 安全漏洞

Weseek Growi is an open source wiki system that can be written in Markdown by the Japanese company Weseek. Weseek growi suffers from a security vulnerability that allows an attacker to bypass authorization with a user-controlled key...

7.5CVSS6.8AI score0.00808EPSS
Exploits1References3
Huntr
Huntr
added 2021/09/08 11:41 p.m.18 views

in weseek/growi

✍️ Description In following endpoint don't check the authorization of users and any user can delete other users comments /api/comments.remove the body of request is like this : "commentid" : "61393bb36970d0000c62b3cf" , "csrf" : any user receive all commentid and can easily replace other users...

5CVSS3.3AI score0.00808EPSS
Exploits1
CNVD
CNVD
added 2021/06/17 12:0 a.m.7 views

WESEEK GROWI Input Validation Error Vulnerability (CNVD-2021-43488)

Weseek GROWI is a suite of team collaboration software from Weseek Japan. An input validation error vulnerability exists in WESEEK GROWI that arises from a network system or product that does not properly validate input data. A remote attacker could exploit this vulnerability to obtain or tamper...

9.1CVSS6.3AI score0.01307EPSS
Exploits0References1
CNVD
CNVD
added 2021/06/17 12:0 a.m.3 views

WESEEK GROWI Access Control Error Vulnerability (CNVD-2021-43487)

Weseek GROWI is a suite of team collaboration software from Weseek Japan. An access control error vulnerability exists in WESEEK GROWI that originates from an error in the handling of authentication requests. A remote, authenticated attacker could exploit the vulnerability to view unauthorized...

6.5CVSS6.6AI score0.01052EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/06/14 12:0 a.m.8 views

Weseek GROWI 授权问题漏洞

Weseek GROWI is a suite of team collaboration software from Weseek Japan. An access control error vulnerability exists in WESEEK GROWI that originates from an error in the handling of authentication requests. A remote, authenticated attacker could exploit the vulnerability to view unauthorized...

6.5CVSS5.6AI score0.01052EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/14 12:0 a.m.75 views

JVN#95457785: Multiple vulnerabilities in GROWI

GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. NoSQL injection CWE-943 - CVE-2021-20736 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L| Base Score: 7.3 CVSS v2| AV:N/AC:L/Au:N/C:P/I:P/A:P| Base Score: 7.5 Improper...

9.1CVSS7.7AI score0.01307EPSS
Exploits0
CNNVD
CNNVD
added 2021/06/14 12:0 a.m.5 views

Weseek GROWI 注入漏洞

Weseek GROWI is a suite of team collaboration software from Weseek Japan. An input validation error vulnerability exists in WESEEK GROWI that arises from a network system or product that does not properly validate input data. A remote attacker could exploit this vulnerability to obtain or tamper...

9.1CVSS5.7AI score0.01307EPSS
Exploits0References3
CNVD
CNVD
added 2021/03/11 12:0 a.m.6 views

GROWI Cross-Site Scripting Vulnerability (CNVD-2021-19694)

Weseek GROWI is a suite of team collaboration software from Weseek Japan. A stored cross-site scripting vulnerability exists in the administrator page in GROWI 4.2.0 - 4.2.7. An attacker can exploit this vulnerability to execute arbitrary script in a logged-in user's web browser...

4.8CVSS6.2AI score0.00754EPSS
Exploits0References1
CNVD
CNVD
added 2021/03/11 12:0 a.m.11 views

GROWI Cross-Site Scripting Vulnerability (CNVD-2021-19695)

Weseek GROWI is a suite of team collaboration software from Weseek Japan. A reflected cross-site scripting vulnerability exists in GROWI 4.2.0 - 4.2.7. The vulnerability stems from insufficient validation of URL query parameters. An attacker can exploit this vulnerability to execute arbitrary...

6.1CVSS6.4AI score0.00947EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/10 12:0 a.m.63 views

JVN#86438134: Multiple cross-site scripting vulnerabilities in GROWI

GROWI provided by WESEEK, Inc. contains multiple cross-site scripting vulnerabilities listed below. Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters CWE-79 - CVE-2021-20672 Version| Vector| Score ---|---|--- CVSS v3|...

6.1CVSS5.8AI score0.00947EPSS
Exploits0
CNNVD
CNNVD
added 2021/03/10 12:0 a.m.11 views

Weseek GROWI 跨站脚本漏洞

Weseek GROWI is a suite of team collaboration software from Weseek Japan. A reflected cross-site scripting vulnerability exists in GROWI 4.2.0 - 4.2.7. The vulnerability stems from insufficient validation of URL query parameters. An attacker can exploit this vulnerability to execute arbitrary...

6.1CVSS5.6AI score0.00947EPSS
Exploits0References4
Rows per page
Query Builder