Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for GROWI (v4.2 Series) by WESEEK, Inc.

    CVE-2021-20673 (GCVE-0-2021-20673)

    Vulnerability from nvd – Published: 2021-03-10 09:20 – Updated: 2024-08-03 17:45
    VLAI
    Summary
    Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    WESEEK, Inc. GROWI (v4.2 Series) Affected: versions from v4.2.0 to v4.2.7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:45:45.477Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://weseek.co.jp/security/2021/03/09/vulnerability/growi-prevent-xss5/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN86438134/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GROWI (v4.2 Series)",
              "vendor": "WESEEK, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions from v4.2.0 to v4.2.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-10T09:20:35.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://weseek.co.jp/security/2021/03/09/vulnerability/growi-prevent-xss5/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN86438134/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20673",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GROWI (v4.2 Series)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions from v4.2.0 to v4.2.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "WESEEK, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://weseek.co.jp/security/2021/03/09/vulnerability/growi-prevent-xss5/",
                  "refsource": "MISC",
                  "url": "https://weseek.co.jp/security/2021/03/09/vulnerability/growi-prevent-xss5/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN86438134/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN86438134/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20673",
        "datePublished": "2021-03-10T09:20:35.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:45:45.477Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20672 (GCVE-0-2021-20672)

    Vulnerability from nvd – Published: 2021-03-10 09:20 – Updated: 2024-08-03 17:45
    VLAI
    Summary
    Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters in GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote attackers to inject an arbitrary script via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    WESEEK, Inc. GROWI (v4.2 Series) Affected: versions from v4.2.0 to v4.2.7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:45:45.518Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://weseek.co.jp/security/2021/03/09/vulnerability/growi-prevent-xss5/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN86438134/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GROWI (v4.2 Series)",
              "vendor": "WESEEK, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions from v4.2.0 to v4.2.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters in GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote attackers to inject an arbitrary script via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-10T09:20:34.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://weseek.co.jp/security/2021/03/09/vulnerability/growi-prevent-xss5/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN86438134/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20672",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GROWI (v4.2 Series)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions from v4.2.0 to v4.2.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "WESEEK, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters in GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote attackers to inject an arbitrary script via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://weseek.co.jp/security/2021/03/09/vulnerability/growi-prevent-xss5/",
                  "refsource": "MISC",
                  "url": "https://weseek.co.jp/security/2021/03/09/vulnerability/growi-prevent-xss5/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN86438134/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN86438134/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20672",
        "datePublished": "2021-03-10T09:20:34.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:45:45.518Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20673 (GCVE-0-2021-20673)

    Vulnerability from cvelistv5 – Published: 2021-03-10 09:20 – Updated: 2024-08-03 17:45
    VLAI
    Summary
    Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    WESEEK, Inc. GROWI (v4.2 Series) Affected: versions from v4.2.0 to v4.2.7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:45:45.477Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://weseek.co.jp/security/2021/03/09/vulnerability/growi-prevent-xss5/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN86438134/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GROWI (v4.2 Series)",
              "vendor": "WESEEK, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions from v4.2.0 to v4.2.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-10T09:20:35.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://weseek.co.jp/security/2021/03/09/vulnerability/growi-prevent-xss5/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN86438134/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20673",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GROWI (v4.2 Series)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions from v4.2.0 to v4.2.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "WESEEK, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://weseek.co.jp/security/2021/03/09/vulnerability/growi-prevent-xss5/",
                  "refsource": "MISC",
                  "url": "https://weseek.co.jp/security/2021/03/09/vulnerability/growi-prevent-xss5/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN86438134/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN86438134/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20673",
        "datePublished": "2021-03-10T09:20:35.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:45:45.477Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20672 (GCVE-0-2021-20672)

    Vulnerability from cvelistv5 – Published: 2021-03-10 09:20 – Updated: 2024-08-03 17:45
    VLAI
    Summary
    Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters in GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote attackers to inject an arbitrary script via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    WESEEK, Inc. GROWI (v4.2 Series) Affected: versions from v4.2.0 to v4.2.7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:45:45.518Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://weseek.co.jp/security/2021/03/09/vulnerability/growi-prevent-xss5/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN86438134/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GROWI (v4.2 Series)",
              "vendor": "WESEEK, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions from v4.2.0 to v4.2.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters in GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote attackers to inject an arbitrary script via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-10T09:20:34.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://weseek.co.jp/security/2021/03/09/vulnerability/growi-prevent-xss5/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN86438134/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20672",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GROWI (v4.2 Series)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions from v4.2.0 to v4.2.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "WESEEK, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters in GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote attackers to inject an arbitrary script via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://weseek.co.jp/security/2021/03/09/vulnerability/growi-prevent-xss5/",
                  "refsource": "MISC",
                  "url": "https://weseek.co.jp/security/2021/03/09/vulnerability/growi-prevent-xss5/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN86438134/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN86438134/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20672",
        "datePublished": "2021-03-10T09:20:34.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:45:45.518Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }