Vulnerabilities in WESEEK, Inc.

38 results

CVE-2020-5683—Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI EPSS 3.0%CVE-2020-5682—Improper input validation in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 serieEPSS 2.0%CVE-2021-20671—Invalid file validation on the upload feature in GROWI versions v4.2.2 allows a remote attacker with administrative privilege to overwrite tEPSS 1.8%CVE-2020-5676—GROWI v4.1.3 and earlier allow remote attackers to obtain information which is not allowed to access via unspecified vectors.EPSS 1.8%CVE-2021-20670—Improper access control vulnerability in GROWI versions v4.2.2 and earlier allows a remote unauthenticated attacker to read the user's persoEPSS 1.5%CVE-2021-20736—NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to obtain and/or alter the information stored in tEPSS 1.3%CVE-2020-5678—Stored cross-site scripting vulnerability in GROWI v3.8.1 and earlier allows remote attackers to inject arbitrary script via unspecified vecEPSS 1.2%CVE-2020-5677—Reflected cross-site scripting vulnerability in GROWI v4.0.0 and earlier allows remote attackers to inject arbitrary script via unspecified EPSS 1.1%CVE-2019-5969—Open redirect vulnerability in GROWI v3.4.6 and earlier allows remote attackersto redirect users to arbitrary web sites and conduct phishingEPSS 1.1%CVE-2021-20737—Improper authentication vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to view the unauthorized pages without accEPSS 1.1%CVE-2021-20619—Cross-site scripting vulnerability in GROWI (v4.2 Series) versions prior to v4.2.3 allows remote attackers to inject an arbitrary script viaEPSS 1.0%CVE-2021-20672—Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters in GROWI (v4.2 Series) versions from vEPSS 0.9%CVE-2018-0654—Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the modaEPSS 0.9%CVE-2018-0653—Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via Wiki pagEPSS 0.9%CVE-2021-20668—Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read an arbitrary path viaEPSS 0.8%CVE-2022-41799MEDIUMImproper access control vulnerability in GROWI prior to v5.1.4 (v5 series) and versions prior to v4.5.25 (v4 series) allows a remote authentEPSS 0.8%CVE-2021-20669—Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read and/or delete an arbiEPSS 0.8%CVE-2021-20673—Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote authenticated atEPSS 0.8%CVE-2019-5968—Cross-site request forgery (CSRF) vulnerability in GROWI v3.4.6 and earlier allows remote attackers to hijack the authentication of administEPSS 0.7%CVE-2021-20829—Cross-site scripting vulnerability due to the inadequate tag sanitization in GROWI versions v4.2.19 and earlier allows remote attackers to eEPSS 0.7%

← previouspage 1 / 2next →