3 matches found
CVE-2023-50175
Stored cross-site scripting vulnerability exists in the App Settings /admin/app page, the Markdown Settings /admin/markdown page, and the Customize /admin/customize page of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser o...
CVE-2023-50175
GROWI has a stored XSS vulnerability (CVE-2023-50175) affecting App Settings (/admin/app), Markdown Settings (/admin/markdown), and Customize (/admin/customize) pages in versions prior to v6.0.0. The underlying issue allows arbitrary script execution in a user’s browser when visiting the site. Re...
JVN#18715935: Multiple vulnerabilities in GROWI
GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in the presentation feature CWE-79 - CVE-2023-42436 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...