Filtered by vendor Growi
Subscriptions
Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-41951 | 1 Growi | 1 Growi | 2026-05-12 | N/A |
| Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the server when an email server is running in GROWI. | ||||
| CVE-2026-41040 | 1 Growi | 1 Growi | 2026-04-28 | N/A |
| GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service (ReDoS) via a crafted input string. | ||||
| CVE-2026-26291 | 1 Growi | 1 Growi | 2026-04-17 | N/A |
| Stored cross-site scripting vulnerability exists in GROWI v7.4.6 and earlier. If this vulnerability is exploited, an arbitrary script may be executed in a user's web browser. | ||||
| CVE-2025-61994 | 1 Growi | 1 Growi | 2026-04-15 | N/A |
| Cross-site scripting vulnerability exists in GROWI prior to v7.2.10. If a malicious user creates a page containing crafted contents, an arbitrary script may be executed on the web browser of a victim user who accesses the page. | ||||
| CVE-2025-64700 | 1 Growi | 1 Growi | 2026-04-15 | N/A |
| Cross-site request forgery vulnerability exists in GROWI v7.3.3 and earlier. If a user views a malicious page while logged in, the user may be tricked to do unintended operations. | ||||
| CVE-2026-25083 | 1 Growi | 1 Growi | 2026-03-24 | N/A |
| GROWI OpenAI thread/message API endpoints do not perform authorization. Affected are v7.4.5 and earlier versions. A logged-in user who knows a shared AI assistant's identifier may view and/or tamper the other user's threads/messages. | ||||
| CVE-2025-54806 | 2 Growi, Weseek | 2 Growi, Growi | 2025-11-12 | 6.1 Medium |
| GROWI v4.2.7 and earlier contains a cross-site scripting vulnerability in the page alert function. If a user accesses a crafted URL while logged in to the affected product, an arbitrary script may be executed on the user's web browser. | ||||
Page 1 of 1.