Published: 2018/08/03  Last Updated: 2018/08/03

Information from WESEEK, Inc.

Vulnerability ID: JVN#18716340
Title: Multiple cross-site scripting vulnerabilities in GROWI
Status: Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

[Summary]
GROWI is developed by WESEEK, Inc.
GROWI releases prior to v3.1.1 contain a cross-site scripting (XSS) vulnerability which can be exploited to perform cross-site scripting attacks.

[Affected Products]
This vulnerability affects GROWI releases prior to v3.1.1.

[Description]
GROWI releases prior to v3.1.1 contain a cross-site scripting (XSS) vulnerability.

[Impact]
An attacker can execute potentially malicious script code in a website visitor's browser.

[Solution]
To fix this vulnerability, upgrade to v3.1.12 or later provided by the developer.