Growi · Growi · CVE-2023-49119
**Name of the Vulnerable Software and Affected Versions**
GROWI versions prior to v6.0.0
**Description**
A stored cross-site scripting issue exists via the img tags. If exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.
**Recommendations**
For versions prior to v6.0.0, update to version v6.0.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of img tags until a patch is available.