GROWI Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in GROWI versions prior to 7.2.10. This issue allows a malicious user to create a page with crafted content that, when accessed by a victim, executes an arbitrary script in their web browser. This vulnerability could lead to the leakage of information from pages only visible to the victim user or, in cases where an administrator's account is compromised, from the admin dashboard.

Impact

Exploitation of this vulnerability allows for the execution of arbitrary JavaScript in the context of the victim user, potentially leading to the theft of sensitive information or manipulation of the page's content. If an administrator is affected, information accessible through the admin panel could also be compromised.

Remediation

Users are advised to update GROWI to version 7.3.0 or later. The updated version can be downloaded from GitHub or Docker Hub.

Added: Nov 6, 2025, 5:19 AM
Updated: Nov 6, 2025, 5:19 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.5
exploitability: 5.0
remediation: 7.7
relevance: 1.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.