Skip to main content
CVE-2023-50339 MEDIUM This Month

Stored cross-site scripting vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.1.11. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Growi
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-50175 MEDIUM This Month

Stored cross-site scripting vulnerability exists in the App Settings (/admin/app) page, the Markdown Settings (/admin/markdown) page, and the Customize (/admin/customize) page of GROWI versions prior. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Growi
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-49807 MEDIUM This Month

Stored cross-site scripting vulnerability when processing the MathJax exists in GROWI versions prior to v6.0.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Growi
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-49779 MEDIUM This Month

Stored cross-site scripting vulnerability exists in the anchor tag of GROWI versions prior to v6.0.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Growi
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-49598 MEDIUM This Month

Stored cross-site scripting vulnerability exists in the event handlers of the pre tags in GROWI versions prior to v6.0.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Growi
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-49119 MEDIUM This Month

Stored cross-site scripting vulnerability via the img tags exists in GROWI versions prior to v6.0.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Growi
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47215 MEDIUM This Month

Stored cross-site scripting vulnerability which is exploiting a behavior of the XSS Filter exists in GROWI versions prior to v6.0.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Growi
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-45740 MEDIUM This Month

Stored cross-site scripting vulnerability when processing profile images exists in GROWI versions prior to v4.1.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Growi
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-45737 MEDIUM This Month

Stored cross-site scripting vulnerability exists in the App Settings (/admin/app) page and the Markdown Settings (/admin/markdown) page of GROWI versions prior to v3.5.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Growi
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-42436 MEDIUM This Month

Stored cross-site scripting vulnerability exists in the presentation feature of GROWI versions prior to v3.4.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Growi
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-49117 MEDIUM This Month

PowerCMS (6 Series, 5 Series, and 4 Series) contains a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Powercms
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-46711 MEDIUM PATCH This Month

VR-S1000 firmware Ver. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Vr S1000 Firmware
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2023-46699 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability exists in the User settings (/me) page of GROWI versions prior to v6.0.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Growi
NVD
CVSS 3.1
4.3
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy