Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
WESEEK, Inc.

GROWI

15 Versions 32 CVEs

Versions

prior to v3.4.0

OTHER 1 CVE

versions prior to v4.2.20

OTHER 2 CVEs

prior to v6.0.0

OTHER 7 CVEs

prior to v4.1.3

OTHER 1 CVE

v3.4.6 and earlier

OTHER 2 CVEs

v3.8.1 and earlier

OTHER 1 CVE

versions v4.2.19 and earlier

OTHER 1 CVE

versions v4.2.2 and earlier

OTHER 5 CVEs

prior to v6.0.6

OTHER 2 CVEs

v6.1.11

OTHER 1 CVE

prior to v3.5.0

OTHER 1 CVE

v4.1.3 and earlier

OTHER 1 CVE

v.3.1.11 and earlier

OTHER 4 CVEs

v4.0.0 and earlier

OTHER 1 CVE

v3.2.3 and earlier

OTHER 2 CVEs

Recent CVEs

CVE-2023-42436

Stored cross-site scripting vulnerability exists in the presentation feature of GROWI versions prior to v3.4.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.

UNKNOWN Dec 26, 2023

CVE-2023-50332

Improper authorization vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.0.6. If this vulnerability is exploited, a user may delete or suspend its own account without the user's intention.

UNKNOWN Dec 26, 2023

CVE-2023-50294

The App Settings (/admin/app) page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. As a result, the Secret access key for external service may be obtained by an attacker who can access the App Settings page.

UNKNOWN Dec 26, 2023

CVE-2023-49807

Stored cross-site scripting vulnerability when processing the MathJax exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.

UNKNOWN Dec 26, 2023

CVE-2023-49779

Stored cross-site scripting vulnerability exists in the anchor tag of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.

UNKNOWN Dec 26, 2023

CVE-2023-49598

Stored cross-site scripting vulnerability exists in the event handlers of the pre tags in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.

UNKNOWN Dec 26, 2023

CVE-2023-49119

Stored cross-site scripting vulnerability via the img tags exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.

UNKNOWN Dec 26, 2023

CVE-2023-47215

Stored cross-site scripting vulnerability which is exploiting a behavior of the XSS Filter exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.

UNKNOWN Dec 26, 2023