Primary

Context

GROWI Cross-Site Request Forgery Vulnerability

Vulnerability

A cross-site request forgery (CSRF) vulnerability exists in GROWI versions prior to 7.3.4. This vulnerability allows an attacker to trick a logged-in user into performing unintended actions by exploiting the user's session.

Impact

Exploitation of this vulnerability could lead to unauthorized actions being performed on behalf of the user.

Remediation

Users are advised to update GROWI to version 7.3.4 or later. The updated version can be downloaded from GitHub or Docker Hub.

Added: Dec 17, 2025, 5:17 AM

Updated: Dec 17, 2025, 5:17 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.4

remediation

7.7

relevance

1.5

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.4

remediation

7.7

relevance

1.5

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GROWI Cross-Site Request Forgery Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating