PT-2023-29661 · Growi · Growi
Kanta Nishitani
·
Publicado
2023-12-26
·
Atualizado
2024-01-04
·
CVE-2023-45740
CVSS v3.1
5.4
Média
| Vetor | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
GROWI versions prior to v4.1.3
Description
A stored cross-site scripting issue exists when processing profile images. If exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.
Recommendations
For versions prior to v4.1.3, update to version v4.1.3 or later to resolve the issue. As a temporary workaround, consider restricting the upload of profile images until a patch is applied.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Growi