Unrated severityNVD Advisory· Published Oct 23, 2025· Updated Oct 23, 2025

CVE-2025-54806

Description

GROWI v4.2.7 and earlier contains a cross-site scripting vulnerability in the page alert function. If a user accesses a crafted URL while logged in to the affected product, an arbitrary script may be executed on the user's web browser.

Affected products

Weseek/Growillm-fuzzy
Range: <=4.2.7
GROWI, Inc./GROWIv5
Range: v4.2.7 and earlier

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

growi.co.jp/news/38/mitre
jvn.jp/en/jp/JVN46526244/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000