PT-2023-29661 · Growi · Growi

Kanta Nishitani · Published 2023-12-26 · Updated 2024-01-04 · CVE-2023-45740

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: GROWI versions prior to v4.1.3

Description: A stored cross-site scripting issue exists when processing profile images. If exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.

Recommendations: For versions prior to v4.1.3, update to version v4.1.3 or later to resolve the issue. As a temporary workaround, consider restricting the upload of profile images until a patch is applied.

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2023-45740

Affected Products: Growi