Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.
https://weseek.co.jp/security/2021/03/09/vulnerability/growi-prevent-xss5/