CVE-2023-50175
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2023-50175 is a stored cross-site scripting (XSS) vulnerability affecting GROWI versions prior to 6.0.0. This issue is present on the App Settings (/admin/app), Markdown Settings (/admin/markdown), and Customize (/admin/customize) pages. An attacker who successfully exploits this vulnerability can inject and execute arbitrary scripts on the web browser of any user who accesses the affected site using the product. This poses a significant security risk and could lead to various malicious activities, such as data theft or unauthorized account access. It is recommended that users immediately upgrade to the latest version of GROWI to mitigate this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Weseek Growi
Affected Vendors
- Weseek