EPSS
Percentile
29.2%
growi is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary Javascript into a victim’s browser to steal session tokens or perform unwanted actions on behalf of the user.
jvn.jp/en/jp/JVN96493183/index.html
weseek.co.jp/security/2018/12/25/growi-prevent-xss2/