Lucene search
K

4 matches found

Circl
Circl
added 2023/12/26 9:27 a.m.9 views

CVE-2023-50294

creationtimestamp| type| source ---|---|--- 2023-12-26 09:27:02+00:00| seen| https://t.me/ctinow/159291 2023-12-28 00:51:02+00:00| seen| https://t.me/arpsyndicate/2169 2024-01-19 11:16:21+00:00| seen| https://t.me/ctinow/170147...

6.5CVSS6.2AI score0.00317EPSS
Exploits0References3
OSV
OSV
added 2023/12/26 8:15 a.m.21 views

CVE-2023-50294

The App Settings /admin/app page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. As a result, the Secret access key for external service may be obtained by an attacker who can access the App Settings page...

6.5CVSS6.3AI score
Exploits0References2
CVE
CVE
added 2023/12/26 7:21 a.m.43 views

CVE-2023-50294

The CVE-2023-50294 issue affects GROWI prior to v6.0.6, where the App Settings page (/admin/app) stores the Secret access key in cleartext. An attacker who can access this page could obtain the external service secret key. The Red Hat, NVD, OSV, and JVN entries corroborate this vulnerability and ...

6.5CVSS6.2AI score0.00317EPSS
Exploits0References2Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/12/13 12:0 a.m.23 views

JVN#18715935: Multiple vulnerabilities in GROWI

GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in the presentation feature CWE-79 - CVE-2023-42436 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...

6.5CVSS6AI score0.0045EPSS
Exploits0
Rows per page
Query Builder