CVE Published: 26/12/2023 |
CVE Updated: 12/09/2024 |
CVE Year: 2023 Source: jpcert |
Vendor: WESEEK, Inc. |
Product: GROWI Status : PUBLISHED
CVE-2023-46699 Description
Cross-site request forgery (CSRF) vulnerability exists in the User settings (/me) page of GROWI versions prior to v6.0.0. If a user views a malicious page while logging in, settings may be changed without the user\'s intention.