Lucene search

K
cvelistJpcertCVELIST:CVE-2023-42436
HistoryDec 26, 2023 - 7:22 a.m.

CVE-2023-42436

2023-12-2607:22:50
jpcert
www.cve.org
cve-2023-42436
stored cross-site scripting
growi
presentation feature
web browser
arbitrary script

0.0004 Low

EPSS

Percentile

14.0%

Stored cross-site scripting vulnerability exists in the presentation feature of GROWI versions prior to v3.4.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.

CNA Affected

[
  {
    "vendor": "WESEEK, Inc.",
    "product": "GROWI",
    "versions": [
      {
        "version": "prior to v3.4.0",
        "status": "affected"
      }
    ]
  }
]

0.0004 Low

EPSS

Percentile

14.0%

Related for CVELIST:CVE-2023-42436