CNNVD-202510-3273 Information

Oct 23, 2025 cve

CNNVD ID

CNNVD-202510-3273

CVE-2025-54806

  • CNNVD Published: 2025-10-23

Description (Chinese)

Weseek Growi是日本Weseek公司的一个可以用Markdown编写的开源wiki系统。 Weseek Growi v4.2.7及之前版本存在跨站脚本漏洞,该漏洞源于页面警报功能中存在跨站脚本漏洞,可能导致任意脚本在用户浏览器中执行。

Description (English)

Weseek Growi is an open-source wiki system that Weseek, Japan, could use Markdown. Weseek Growi v4.2.7 and previous versions have a cross-site script loophole, which stems from the presence of a cross-site script gap in the page alarm function, which may lead to any script being executed in the user browser.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

Weseek

Published

2025-10-23

Last Modified

2026-02-24

References

https://growi.co.jp/news/38/ https://jvn.jp/en/jp/JVN46526244/

Patch

https://growi.co.jp/news/38/

Share on: