Æ¢¶Å Ç¿

Researcher fromNTT-ME ã·ã¹ãã ãªãã¬ã¼ã·ã§ã³ã»ã³ã¿
#21945of 53,633
10.8Total CVSS
Vulnerabilities · 2
Medium
2
PT-2023-28340
5.4
2023-12-26
Growi · Growi · CVE-2023-42436
**Name of the Vulnerable Software and Affected Versions** GROWI versions prior to v3.4.0 **Description** A stored cross-site scripting issue exists in the presentation feature. If exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. **Recommendations** For versions prior to v3.4.0, update to version v3.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the presentation feature until a patch is available.
PT-2023-29660
5.4
2023-12-26
Growi · Growi · CVE-2023-45737
**Name of the Vulnerable Software and Affected Versions** GROWI versions prior to v3.5.0 **Description** A stored cross-site scripting issue exists in the App Settings (/admin/app) page and the Markdown Settings (/admin/markdown) page. If exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. **Recommendations** For versions prior to v3.5.0, update to version v3.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the /admin/app and /admin/markdown pages until a patch is available. Avoid using the App Settings and Markdown Settings pages in GROWI until the issue is resolved.