9 matches found
CVE-2023-50175
Stored cross-site scripting vulnerability exists in the App Settings /admin/app page, the Markdown Settings /admin/markdown page, and the Customize /admin/customize page of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser o...
CVE-2023-50175
Stored cross-site scripting vulnerability exists in the App Settings /admin/app page, the Markdown Settings /admin/markdown page, and the Customize /admin/customize page of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser o...
CVE-2023-45737
Stored cross-site scripting vulnerability exists in the App Settings /admin/app page and the Markdown Settings /admin/markdown page of GROWI versions prior to v3.5.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using...
CVE-2023-45737
Stored cross-site scripting vulnerability exists in the App Settings /admin/app page and the Markdown Settings /admin/markdown page of GROWI versions prior to v3.5.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using...
CVE-2023-45737
Stored cross-site scripting vulnerability exists in the App Settings /admin/app page and the Markdown Settings /admin/markdown page of GROWI versions prior to v3.5.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using...
PT-2023-29660 · Growi · Growi
Name of the Vulnerable Software and Affected Versions: GROWI versions prior to v3.5.0 Description: A stored cross-site scripting issue exists in the App Settings /admin/app page and the Markdown Settings /admin/markdown page. If exploited, an arbitrary script may be executed on the web browser of...
PT-2023-31487 · Growi · Growi
Name of the Vulnerable Software and Affected Versions: GROWI versions prior to v6.0.0 Description: A stored cross-site scripting issue exists in the App Settings /admin/app page, the Markdown Settings /admin/markdown page, and the Customize /admin/customize page. This could allow an arbitrary...
Multiple vulnerabilities in GROWI
Overview GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in the presentation feature CWE-79 - CVE-2023-42436 Stored cross-site scripting vulnerability in the App Settings /admin/app page and the Markdown Settings...
JVN#96493183: GROWI vulnerable to cross-site scripting
GROWI provided by WESEEK, Inc. contains a cross-site scripting vulnerability CWE-79. The settings option for enabling and disabling the measures against cross-site scripting "Enable XSS prevention" option was introduced in v3.1.12. However, there was an issue with the implementation where the...