Vulnerabilities in GROWI, Inc.

8 results

CVE-2026-41951 | HIGH | EPSS 0.5%
Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the serve

CVE-2026-41040 | HIGH | EPSS 0.4%
GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service (ReDoS) via a crafted input string.

CVE-2026-25083 | HIGH | EPSS 0.3%
GROWI OpenAI thread/message API endpoints do not perform authorization. Affected are v7.4.5 and earlier versions. A logged-in user who knows

CVE-2025-43880 | MEDIUM | EPSS 0.3%
Inefficient regular expression complexity issue exists in GROWI prior to v7.1.6. If exploited, a logged-in user may cause a denial of servic

CVE-2025-54806 | MEDIUM | EPSS 0.2%
GROWI v4.2.7 and earlier contains a cross-site scripting vulnerability in the page alert function. If a user accesses a crafted URL while l

CVE-2026-26291 | MEDIUM | EPSS 0.2%
Stored cross-site scripting vulnerability exists in GROWI v7.4.6 and earlier. If this vulnerability is exploited, an arbitrary script may be

CVE-2025-61994 | MEDIUM | EPSS 0.1%
Cross-site scripting vulnerability exists in GROWI prior to v7.2.10. If a malicious user creates a page containing crafted contents, an arbi

CVE-2025-64700 | MEDIUM | EPSS 0.1%
Cross-site request forgery vulnerability exists in GROWI v7.3.3 and earlier. If a user views a malicious page while logged in, the user may