CVE-2023-46699

Summary

Cross-site request forgery (CSRF) vulnerability exists in the User settings (/me) page of GROWI versions prior to v6.0.0. If a user views a malicious page while logging in, settings may be changed without the user's intention.

Affected Software

VendorProductVersion RangeStatus
WESEEK, Inc.GROWIprior to v6.0.0affected

Weaknesses

  • Cross-site request forgery (CSRF)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References