2 matches found
CVE-2018-16205
CVE-2018-16205 is a Cross-Site Scripting vulnerability in GROWI versions up to 3.2.3 (and earlier). The root cause is a flaw in the processing of the New Page modal that allows remote attackers to inject arbitrary script or HTML into a user’s browser. Affected software is GROWI v3.2.3 and earlier...
JVN#96493183: GROWI vulnerable to cross-site scripting
GROWI provided by WESEEK, Inc. contains a cross-site scripting vulnerability CWE-79. The settings option for enabling and disabling the measures against cross-site scripting "Enable XSS prevention" option was introduced in v3.1.12. However, there was an issue with the implementation where the...