WESEEK, Inc. GROWI vv.3.1.11 and earlier - 4 CVEs

CVE-2018-0652

Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the UserGroup Management section of admin page.

UNKNOWN Published Sep 07, 2018

CVE-2018-0653

Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via Wiki page view.

UNKNOWN Published Sep 07, 2018

CVE-2018-0654

Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the modal for creating Wiki page.

UNKNOWN Published Sep 07, 2018

CVE-2018-0655

Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the app settings section of admin page.

UNKNOWN Published Sep 07, 2018

Version v.3.1.11 and earlier

Known Vulnerabilities

CVE-2018-0652

CVE-2018-0653

CVE-2018-0654

CVE-2018-0655