2 matches found
CVE-2025-61994
Cross-site scripting vulnerability exists in GROWI prior to v7.2.10. If a malicious user creates a page containing crafted contents, an arbitrary script may be executed on the web browser of a victim user who accesses the page...
CVE-2025-61994
GROWI is affected by CVE-2025-61994: stored cross-site scripting in versions prior to 7.2.10 when a page with crafted content is created, potentially allowing arbitrary script execution in a victim’s browser. Remediation: upgrade to GROWI 7.3.0 or later (per JVN/Red Hat advisories). Other sources...