CVE-2023-50175

2023-12-2608:15:11

Google

osv.dev

stored cross-site scripting

app settings

markdown settings

customize

growi

arbitrary script execution

web browser

cve-2023-50175

software

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.3%

JSON

Stored cross-site scripting vulnerability exists in the App Settings (/admin/app) page, the Markdown Settings (/admin/markdown) page, and the Customize (/admin/customize) page of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.

CPENameOperatorVersion
growieq4.5.0-slackbot-proxy.1
growieq5.1.6
growieq5.0.2
growieq1.0.0-RC10
growieq4.5.3-slackbot-proxy.0
growieq4.5.4
growieq5.1.3
growieq5.0.5
growieq5.0.0
growieq1.0.0-RC2

Name	Operator	Version
growi	eq	4.5.0-slackbot-proxy.1
growi	eq	5.1.6
growi	eq	5.0.2
growi	eq	1.0.0-RC10
growi	eq	4.5.3-slackbot-proxy.0
growi	eq	4.5.4
growi	eq	5.1.3
growi	eq	5.0.5
growi	eq	5.0.0
growi	eq	1.0.0-RC2