CVE-2023-45737

Name of the Vulnerable Software and Affected Versions GROWI versions prior to v3.5.0

Description A stored cross-site scripting issue exists in the App Settings (/admin/app) page and the Markdown Settings (/admin/markdown) page. If exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.

Recommendations For versions prior to v3.5.0, update to version v3.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the /admin/app and /admin/markdown pages until a patch is available. Avoid using the App Settings and Markdown Settings pages in GROWI until the issue is resolved.