Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read and/or delete an arbitrary path via a specially crafted URL.
CVSS Score
4.7
EPSS Score
0.003
Published
2021-03-10
Improper access control vulnerability in GROWI versions v4.2.2 and earlier allows a remote unauthenticated attacker to read the user's personal information and/or server's internal information via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.01
Published
2021-03-10
GROWI v4.1.3 and earlier allow remote attackers to obtain information which is not allowed to access via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.006
Published
2020-12-03
Reflected cross-site scripting vulnerability in GROWI v4.0.0 and earlier allows remote attackers to inject arbitrary script via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-12-03
Page 3