Filtered by vendor Growi
Subscriptions
Filtered by product Growi
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25083 | 1 Growi | 1 Growi | 2026-03-17 | N/A |
| GROWI OpenAI thread/message API endpoints do not perform authorization. Affected are v7.4.5 and earlier versions. A logged-in user who knows a shared AI assistant's identifier may view and/or tamper the other user's threads/messages. | ||||
| CVE-2025-64700 | 1 Growi | 1 Growi | 2025-12-18 | N/A |
| Cross-site request forgery vulnerability exists in GROWI v7.3.3 and earlier. If a user views a malicious page while logged in, the user may be tricked to do unintended operations. | ||||
| CVE-2025-54806 | 2 Growi, Weseek | 2 Growi, Growi | 2025-11-12 | 6.1 Medium |
| GROWI v4.2.7 and earlier contains a cross-site scripting vulnerability in the page alert function. If a user accesses a crafted URL while logged in to the affected product, an arbitrary script may be executed on the user's web browser. | ||||
| CVE-2025-61994 | 1 Growi | 1 Growi | 2025-11-06 | N/A |
| Cross-site scripting vulnerability exists in GROWI prior to v7.2.10. If a malicious user creates a page containing crafted contents, an arbitrary script may be executed on the web browser of a victim user who accesses the page. | ||||
Page 1 of 1.