📦 Growi

This NoSQL injection vulnerability in GROWI wiki software allows attackers to manipulate database queries and access/modify stored data. It affects GROWI versions before v4.2.20, potentially compromis...

CVE-2021-20670 is an improper access control vulnerability in GROWI wiki software that allows unauthenticated remote attackers to read user personal information and server internal data. This affects ...

GROWI v4.2.7 and earlier contains a stored cross-site scripting vulnerability in the page alert function. Attackers can craft malicious URLs that execute arbitrary JavaScript in victims' browsers when...