4 matches found
CVE-2023-46699
Cross-site request forgery CSRF vulnerability exists in the User settings /me page of GROWI versions prior to v6.0.0. If a user views a malicious page while logging in, settings may be changed without the user's intention...
CVE-2023-46699
Cross-site request forgery CSRF vulnerability exists in the User settings /me page of GROWI versions prior to v6.0.0. If a user views a malicious page while logging in, settings may be changed without the user's intention...
CVE-2023-46699
GROWI versions prior to v6.0.0 are affected by a CSRF vulnerability on the User settings page (/me). If a logged-in user views a malicious page, settings may be changed without the user’s intention (UI:R, S:U, I:L). The issue is confirmed across multiple sources (CVE-2023-46699) with remediation ...
JVN#18715935: Multiple vulnerabilities in GROWI
GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in the presentation feature CWE-79 - CVE-2023-42436 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...