Growi@4.2.0 Security Vulnerabilities and Issues — Growi@4.2.0 CVE List

Lucene search

WeseekGrowi4.2.0

5 matches found

CVE•added 2021/01/19 5:15 a.m.•62 views

CVE-2021-20619

Cross-site scripting vulnerability in GROWI (v4.2 Series) versions prior to v4.2.3 allows remote attackers to inject an arbitrary script via unspecified vectors.

6.1CVSS6AI score0.00464EPSS

CVE•added 2020/12/16 8:15 a.m.•58 views

CVE-2020-5682

Improper input validation in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier allows remote attack...

7.5CVSS7.3AI score0.00846EPSS

CVE•added 2021/03/10 10:15 a.m.•45 views

CVE-2021-20673

Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.

4.8CVSS4.7AI score0.00259EPSS

CVE•added 2020/12/16 8:15 a.m.•38 views

CVE-2020-5683

Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier allows remot...

7.5CVSS7.4AI score0.00957EPSS

CVE•added 2021/03/10 10:15 a.m.•31 views

CVE-2021-20672

Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters in GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote attackers to inject an arbitrary script via unspecified vectors.

6.1CVSS6AI score0.00419EPSS