EPSS
Percentile
29.2%
GROWI are vulnerable to cross-site scripting attacks. A remote, authenticated attacker could exploit the flawed New Page Handler component to inject and execute arbitrary web script or HTML into victim’s browser.
New Page Handler
jvn.jp/en/jp/JVN96493183/index.html
weseek.co.jp/security/2018/12/25/growi-prevent-xss2/