Cross-site request forgery (CSRF) vulnerability in GROWI v3.4.6 and earlier allows remote attackers to hijack the authentication of administrators via updating user's 'Basic Info'.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-07-05
Open redirect vulnerability in GROWI v3.4.6 and earlier allows remote attackersto redirect users to arbitrary web sites and conduct phishing attacks via the process of login.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-07-05
Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via New Page modal.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-01-09
Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-01-09
Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via Wiki page view.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-09-07
Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the modal for creating Wiki page.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-09-07
Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the app settings section of admin page.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-09-07
Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the UserGroup Management section of admin page.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-09-07
Page 4