Vulnerabilities > Weseek > Growi > 4.0.9
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-10 | CVE-2021-20667 | Cross-site Scripting vulnerability in Weseek Growi Stored cross-site scripting vulnerability due to inadequate CSP (Content Security Policy) configuration in GROWI versions v4.2.2 and earlier allows remote authenticated attackers to inject an arbitrary script via a specially crafted content. | 5.4 |
| 2020-12-03 | CVE-2020-5676 | Information Exposure vulnerability in Weseek Growi GROWI v4.1.3 and earlier allow remote attackers to obtain information which is not allowed to access via unspecified vectors. | 7.5 |