Lucene search

K

11 matches found

CVE
CVE
added 2021/06/22 2:15 a.m.71 views

CVE-2021-20736

NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to obtain and/or alter the information stored in the database via unspecified vectors.

9.1CVSS8.8AI score0.0035EPSS
CVE
CVE
added 2021/06/22 2:15 a.m.64 views

CVE-2021-20737

Improper authentication vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to view the unauthorized pages without access privileges via unspecified vectors.

6.5CVSS6.6AI score0.00255EPSS
CVE
CVE
added 2021/01/19 5:15 a.m.61 views

CVE-2021-20619

Cross-site scripting vulnerability in GROWI (v4.2 Series) versions prior to v4.2.3 allows remote attackers to inject an arbitrary script via unspecified vectors.

6.1CVSS6AI score0.00464EPSS
CVE
CVE
added 2021/03/10 10:15 a.m.43 views

CVE-2021-20673

Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.

4.8CVSS4.7AI score0.00259EPSS
CVE
CVE
added 2021/03/10 10:15 a.m.35 views

CVE-2021-20668

Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read an arbitrary path via a specially crafted URL.

4CVSS3.9AI score0.00283EPSS
CVE
CVE
added 2021/03/10 10:15 a.m.33 views

CVE-2021-20670

Improper access control vulnerability in GROWI versions v4.2.2 and earlier allows a remote unauthenticated attacker to read the user's personal information and/or server's internal information via unspecified vectors.

7.5CVSS7.2AI score0.01041EPSS
CVE
CVE
added 2021/03/10 10:15 a.m.32 views

CVE-2021-20671

Invalid file validation on the upload feature in GROWI versions v4.2.2 allows a remote attacker with administrative privilege to overwrite the files on the server, which may lead to arbitrary code execution.

7.2CVSS7.3AI score0.02211EPSS
CVE
CVE
added 2021/03/10 10:15 a.m.31 views

CVE-2021-20667

Stored cross-site scripting vulnerability due to inadequate CSP (Content Security Policy) configuration in GROWI versions v4.2.2 and earlier allows remote authenticated attackers to inject an arbitrary script via a specially crafted content.

5.4CVSS4.9AI score0.00209EPSS
CVE
CVE
added 2021/03/10 10:15 a.m.30 views

CVE-2021-20669

Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read and/or delete an arbitrary path via a specially crafted URL.

6.5CVSS4.6AI score0.0026EPSS
CVE
CVE
added 2021/03/10 10:15 a.m.30 views

CVE-2021-20672

Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters in GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote attackers to inject an arbitrary script via unspecified vectors.

6.1CVSS6AI score0.00419EPSS
CVE
CVE
added 2021/09/21 10:15 a.m.28 views

CVE-2021-20829

Cross-site scripting vulnerability due to the inadequate tag sanitization in GROWI versions v4.2.19 and earlier allows remote attackers to execute an arbitrary script on the web browser of the user who accesses a specially crafted page.

6.1CVSS6.3AI score0.00332EPSS