5 matches found
Cross site scripting
Stored cross-site scripting vulnerability in Admin Page of GROWI v4.2 Series versions from v4.2.0 to v4.2.7 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors...
CVE-2021-20673
CVE-2021-20673 is a stored cross-site scripting vulnerability in GROWI (v4.2 Series) Admin Page, affecting versions v4.2.0 through v4.2.7. The issue allows a remote authenticated attacker to inject arbitrary script into a logged-in user’s browser via unspecified vectors. Affected product: GROWI (...
CVE-2021-20619
Cross-site scripting vulnerability in GROWI v4.2 Series versions prior to v4.2.3 allows remote attackers to inject an arbitrary script via unspecified vectors...
CVE-2021-20619
Cross-site scripting vulnerability in GROWI v4.2 Series versions prior to v4.2.3 allows remote attackers to inject an arbitrary script via unspecified vectors...
JVN#94169589: Multiple vulnerabilities in GROWI
GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Denial-of-service DoS due to improper verification of input values CWE-400 - CVE-2020-5682 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L| Base Score: 5.3 CVSS v2|...