Growi · Growi · CVE-2023-49807
**Name of the Vulnerable Software and Affected Versions**
GROWI versions prior to v6.0.0
**Description**
A stored cross-site scripting issue exists when processing MathJax. This could allow an arbitrary script to be executed on the user's web browser if the vulnerability is exploited.
**Recommendations**
For versions prior to v6.0.0, update to version v6.0.0 or later to resolve the issue. As a temporary workaround, consider disabling the MathJax processing feature until a patch is available. Restrict access to the MathJax module to minimize the risk of exploitation.