Vulnerabilities > Weseek

DATE CVE VULNERABILITY TITLE RISK
2023-12-26 CVE-2023-42436 Cross-site Scripting vulnerability in Weseek Growi
Stored cross-site scripting vulnerability exists in the presentation feature of GROWI versions prior to v3.4.0.
network
low complexity
weseek CWE-79
5.4
2023-12-26 CVE-2023-45737 Cross-site Scripting vulnerability in Weseek Growi
Stored cross-site scripting vulnerability exists in the App Settings (/admin/app) page and the Markdown Settings (/admin/markdown) page of GROWI versions prior to v3.5.0.
network
low complexity
weseek CWE-79
5.4
2023-12-26 CVE-2023-45740 Cross-site Scripting vulnerability in Weseek Growi
Stored cross-site scripting vulnerability when processing profile images exists in GROWI versions prior to v4.1.3.
network
low complexity
weseek CWE-79
5.4
2023-12-26 CVE-2023-46699 Cross-Site Request Forgery (CSRF) vulnerability in Weseek Growi
Cross-site request forgery (CSRF) vulnerability exists in the User settings (/me) page of GROWI versions prior to v6.0.0.
network
low complexity
weseek CWE-352
4.3
2023-12-26 CVE-2023-47215 Cross-site Scripting vulnerability in Weseek Growi
Stored cross-site scripting vulnerability which is exploiting a behavior of the XSS Filter exists in GROWI versions prior to v6.0.0.
network
low complexity
weseek CWE-79
5.4
2023-12-26 CVE-2023-49119 Cross-site Scripting vulnerability in Weseek Growi
Stored cross-site scripting vulnerability via the img tags exists in GROWI versions prior to v6.0.0.
network
low complexity
weseek CWE-79
5.4
2023-12-26 CVE-2023-49598 Cross-site Scripting vulnerability in Weseek Growi
Stored cross-site scripting vulnerability exists in the event handlers of the pre tags in GROWI versions prior to v6.0.0.
network
low complexity
weseek CWE-79
5.4
2023-12-26 CVE-2023-49779 Cross-site Scripting vulnerability in Weseek Growi
Stored cross-site scripting vulnerability exists in the anchor tag of GROWI versions prior to v6.0.0.
network
low complexity
weseek CWE-79
5.4
2023-12-26 CVE-2023-49807 Cross-site Scripting vulnerability in Weseek Growi
Stored cross-site scripting vulnerability when processing the MathJax exists in GROWI versions prior to v6.0.0.
network
low complexity
weseek CWE-79
5.4
2023-12-26 CVE-2023-50175 Cross-site Scripting vulnerability in Weseek Growi
Stored cross-site scripting vulnerability exists in the App Settings (/admin/app) page, the Markdown Settings (/admin/markdown) page, and the Customize (/admin/customize) page of GROWI versions prior to v6.0.0.
network
low complexity
weseek CWE-79
5.4