4 matches found
CVE-2023-50294
creationtimestamp| type| source ---|---|--- 2023-12-26 09:27:02+00:00| seen| https://t.me/ctinow/159291 2023-12-28 00:51:02+00:00| seen| https://t.me/arpsyndicate/2169 2024-01-19 11:16:21+00:00| seen| https://t.me/ctinow/170147...
CVE-2023-50294
The App Settings /admin/app page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. As a result, the Secret access key for external service may be obtained by an attacker who can access the App Settings page...
CVE-2023-50294
The CVE-2023-50294 issue affects GROWI prior to v6.0.6, where the App Settings page (/admin/app) stores the Secret access key in cleartext. An attacker who can access this page could obtain the external service secret key. The Red Hat, NVD, OSV, and JVN entries corroborate this vulnerability and ...
JVN#18715935: Multiple vulnerabilities in GROWI
GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in the presentation feature CWE-79 - CVE-2023-42436 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...