Lucene search
K

4 matches found

NVD
NVD
added 2023/12/26 8:15 a.m.16 views

CVE-2023-46699

Cross-site request forgery CSRF vulnerability exists in the User settings /me page of GROWI versions prior to v6.0.0. If a user views a malicious page while logging in, settings may be changed without the user's intention...

4.3CVSS0.00178EPSS
Exploits0References2
OSV
OSV
added 2023/12/26 8:15 a.m.10 views

CVE-2023-46699

Cross-site request forgery CSRF vulnerability exists in the User settings /me page of GROWI versions prior to v6.0.0. If a user views a malicious page while logging in, settings may be changed without the user's intention...

4.3CVSS6.9AI score
Exploits0References2
CVE
CVE
added 2023/12/26 7:20 a.m.45 views

CVE-2023-46699

GROWI versions prior to v6.0.0 are affected by a CSRF vulnerability on the User settings page (/me). If a logged-in user views a malicious page, settings may be changed without the user’s intention (UI:R, S:U, I:L). The issue is confirmed across multiple sources (CVE-2023-46699) with remediation ...

4.3CVSS4.6AI score0.00178EPSS
Exploits0References2Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/12/13 12:0 a.m.24 views

JVN#18715935: Multiple vulnerabilities in GROWI

GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in the presentation feature CWE-79 - CVE-2023-42436 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...

6.5CVSS6AI score0.0045EPSS
Exploits0
Rows per page
Query Builder