CVE-2025-61994

Cross-site scripting vulnerability exists in GROWI prior to v7.2.10. If a malicious user creates a page containing crafted contents, an arbitrary script may be executed on the web browser of a victim user who accesses the page...

CVE-2025-61994

Cross-site scripting vulnerability exists in GROWI prior to v7.2.10. If a malicious user creates a page containing crafted contents, an arbitrary script may be executed on the web browser of a victim user who accesses the page...

CVE-2025-61994

GROWI is affected by CVE-2025-61994: stored cross-site scripting in versions prior to 7.2.10 when a page with crafted content is created, potentially allowing arbitrary script execution in a victim’s browser. Remediation: upgrade to GROWI 7.3.0 or later (per JVN/Red Hat advisories). Other sources...

CVE-2025-61994

Cross-site scripting vulnerability exists in GROWI prior to v7.2.10. If a malicious user creates a page containing crafted contents, an arbitrary script may be executed on the web browser of a victim user who accesses the page...

PT-2025-45173

Name of the Vulnerable Software and Affected Versions GROWI versions prior to 7.2.10 Description A cross-site scripting issue exists. A malicious user can execute arbitrary scripts in a victim's web browser by creating a page with crafted content. Recommendations Update GROWI to version 7.2.10 or...

CVE-2025-62925 WordPress Conversios.io plugin <= 7.2.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in Conversios Conversios.io enhanced-e-commerce-for-woocommerce-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conversios.io: from n/a through = 7.2.13...