Growi Security Vulnerabilities and Issues — Growi CVE List

Lucene search

WeseekGrowi

5 matches found

CVE•added 2021/03/10 10:15 a.m.•43 views

CVE-2021-20673

Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.

4.8CVSS4.7AI score0.00259EPSS

CVE•added 2018/09/07 2:29 p.m.•41 views

CVE-2018-0655

Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the app settings section of admin page.

4.8CVSS4.9AI score0.00176EPSS

CVE•added 2018/09/07 2:29 p.m.•37 views

CVE-2018-0652

Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the UserGroup Management section of admin page.

4.8CVSS4.9AI score0.00176EPSS

CVE•added 2021/03/10 10:15 a.m.•35 views

CVE-2021-20668

Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read an arbitrary path via a specially crafted URL.

4CVSS3.9AI score0.00283EPSS

CVE•added 2023/12/26 8:15 a.m.•28 views

CVE-2023-46699

Cross-site request forgery (CSRF) vulnerability exists in the User settings (/me) page of GROWI versions prior to v6.0.0. If a user views a malicious page while logging in, settings may be changed without the user's intention.

4.3CVSS4.6AI score0.00115EPSS