GROWI Cross-Site Scripting Vulnerability in Page Alert Function

Vulnerability

A cross-site scripting vulnerability has been identified in GROWI versions through 4.2.7. The issue is in the page alert function, where user input is improperly sanitized, allowing attackers to execute arbitrary JavaScript in the context of the user's browser. The vulnerability is triggered when a user who is logged into the application accesses a crafted URL.

Impact

Exploiting this cross-site scripting vulnerability lets an attacker execute scripts in the victim's browser session.

Remediation

Users are advised to update GROWI to version 4.2.8 or later. The updated version can be downloaded from GitHub or Docker Hub.

Added: Oct 23, 2025, 5:23 AM
Updated: Oct 23, 2025, 5:23 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.7
exploitability: 6.4
remediation: 7.7
relevance: 0.8
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.