weseek/growi

weseek/growi

Releases831

Frequency3 days 10 hours

Last Release 5 months ago

Downloads1.25M

Stars34

Team collaboration software using markdown

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-5683 ↗	Dec 16, 2020Wednesday, 16 December 2020, 08:15	7.5 HIGH	5 MEDIUM
Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier allows remote attackers to alter the data by uploading a specially crafted file.
CVE-2020-5682 ↗	Dec 16, 2020Wednesday, 16 December 2020, 08:15	7.5 HIGH	5 MEDIUM
Improper input validation in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2020-5676 ↗	Dec 3, 2020Thursday, 3 December 2020, 12:15	7.5 HIGH	5 MEDIUM
GROWI v4.1.3 and earlier allow remote attackers to obtain information which is not allowed to access via unspecified vectors.
CVE-2020-5677 ↗	Dec 3, 2020Thursday, 3 December 2020, 12:15	6.1 MEDIUM	4.3 MEDIUM
Reflected cross-site scripting vulnerability in GROWI v4.0.0 and earlier allows remote attackers to inject arbitrary script via unspecified vectors.
CVE-2020-5678 ↗	Dec 3, 2020Thursday, 3 December 2020, 12:15	6.1 MEDIUM	4.3 MEDIUM
Stored cross-site scripting vulnerability in GROWI v3.8.1 and earlier allows remote attackers to inject arbitrary script via unspecified vectors.