Vulnerabilities > Weseek > Low

DATE CVE VULNERABILITY TITLE RISK
2021-03-10 CVE-2021-20667 Cross-site Scripting vulnerability in Weseek Growi
Stored cross-site scripting vulnerability due to inadequate CSP (Content Security Policy) configuration in GROWI versions v4.2.2 and earlier allows remote authenticated attackers to inject an arbitrary script via a specially crafted content.
network
weseek CWE-79
3.5
2021-03-10 CVE-2021-20673 Cross-site Scripting vulnerability in Weseek Growi
Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.
network
weseek CWE-79
3.5
2019-01-09 CVE-2018-0698 Cross-site Scripting vulnerability in Weseek Growi
Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
weseek CWE-79
3.5
2019-01-09 CVE-2018-16205 Cross-site Scripting vulnerability in Weseek Growi
Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via New Page modal.
network
weseek CWE-79
3.5
2018-09-07 CVE-2018-0652 Cross-site Scripting vulnerability in Weseek Growi
Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the UserGroup Management section of admin page.
network
weseek CWE-79
3.5
2018-09-07 CVE-2018-0655 Cross-site Scripting vulnerability in Weseek Growi
Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the app settings section of admin page.
network
weseek CWE-79
3.5