2 matches found
CVE-2018-0654
Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the modal for creating Wiki page...
CVE-2018-0654
GROWI (WESEEK) contains a Reflected XSS in the modal for creating a Wiki page affecting v3.1.11 and earlier. An attacker can inject arbitrary scripts, potentially affecting a logged-in user’s browser. Affected component is the Wiki page creation UI; root cause is input handling in the modal. Reme...