Tsubasa Fujii

**Name of the Vulnerable Software and Affected Versions** GROWI versions prior to v6.0.0 **Description** A stored cross-site scripting issue exists in the event handlers of the `pre` tags. If exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. **Recommendations** For GROWI versions prior to v6.0.0, update to version v6.0.0 or later to resolve the issue. As a temporary workaround, consider disabling the event handlers of the `pre` tags until a patch is available. Restrict access to the `pre` tags to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.14.6 Safari versions prior to 12.1.2 **Description** The issue is related to an inconsistent user interface that could be exploited by visiting a malicious website, potentially leading to address bar spoofing. **Recommendations** For macOS versions prior to 10.14.6, update to macOS Mojave 10.14.6 to resolve the issue. For Safari versions prior to 12.1.2, update to Safari 12.1.2 to resolve the issue.