Vulnerabilities > Weseek > Growi > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-26 | CVE-2023-42436 | Cross-site Scripting vulnerability in Weseek Growi Stored cross-site scripting vulnerability exists in the presentation feature of GROWI versions prior to v3.4.0. | 5.4 |
| 2023-12-26 | CVE-2023-45737 | Cross-site Scripting vulnerability in Weseek Growi Stored cross-site scripting vulnerability exists in the App Settings (/admin/app) page and the Markdown Settings (/admin/markdown) page of GROWI versions prior to v3.5.0. | 5.4 |
| 2023-12-26 | CVE-2023-45740 | Cross-site Scripting vulnerability in Weseek Growi Stored cross-site scripting vulnerability when processing profile images exists in GROWI versions prior to v4.1.3. | 5.4 |
| 2023-12-26 | CVE-2023-46699 | Cross-Site Request Forgery (CSRF) vulnerability in Weseek Growi Cross-site request forgery (CSRF) vulnerability exists in the User settings (/me) page of GROWI versions prior to v6.0.0. | 4.3 |
| 2023-12-26 | CVE-2023-47215 | Cross-site Scripting vulnerability in Weseek Growi Stored cross-site scripting vulnerability which is exploiting a behavior of the XSS Filter exists in GROWI versions prior to v6.0.0. | 5.4 |
| 2023-12-26 | CVE-2023-49119 | Cross-site Scripting vulnerability in Weseek Growi Stored cross-site scripting vulnerability via the img tags exists in GROWI versions prior to v6.0.0. | 5.4 |
| 2023-12-26 | CVE-2023-49598 | Cross-site Scripting vulnerability in Weseek Growi Stored cross-site scripting vulnerability exists in the event handlers of the pre tags in GROWI versions prior to v6.0.0. | 5.4 |
| 2023-12-26 | CVE-2023-49779 | Cross-site Scripting vulnerability in Weseek Growi Stored cross-site scripting vulnerability exists in the anchor tag of GROWI versions prior to v6.0.0. | 5.4 |
| 2023-12-26 | CVE-2023-49807 | Cross-site Scripting vulnerability in Weseek Growi Stored cross-site scripting vulnerability when processing the MathJax exists in GROWI versions prior to v6.0.0. | 5.4 |
| 2023-12-26 | CVE-2023-50175 | Cross-site Scripting vulnerability in Weseek Growi Stored cross-site scripting vulnerability exists in the App Settings (/admin/app) page, the Markdown Settings (/admin/markdown) page, and the Customize (/admin/customize) page of GROWI versions prior to v6.0.0. | 5.4 |