NVD - Results

Sort results by:

Search Results (Refine Search)

Search Parameters:

Results Type: Overview
Keyword (text search): cpe:2.3:a:weseek:growi:3.6.4:*:*:*:*:*:*:*
CPE Name Search: true

There are 25 matching records.

Displaying matches 21 through 25.

Vuln ID	Summary	CVSS Severity
CVE-2020-5683	Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier allows remote attackers to alter the data by uploading a specially crafted file. Published: December 16, 2020; 3:15:14 AM -0500	V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM
CVE-2020-5682	Improper input validation in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier allows remote attackers to cause a denial of service via unspecified vectors. Published: December 16, 2020; 3:15:13 AM -0500	V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM
CVE-2020-5678	Stored cross-site scripting vulnerability in GROWI v3.8.1 and earlier allows remote attackers to inject arbitrary script via unspecified vectors. Published: December 03, 2020; 7:15:11 AM -0500	V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM
CVE-2020-5677	Reflected cross-site scripting vulnerability in GROWI v4.0.0 and earlier allows remote attackers to inject arbitrary script via unspecified vectors. Published: December 03, 2020; 7:15:11 AM -0500	V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM
CVE-2020-5676	GROWI v4.1.3 and earlier allow remote attackers to obtain information which is not allowed to access via unspecified vectors. Published: December 03, 2020; 7:15:11 AM -0500	V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM