CVE-2023-49807

Name of the Vulnerable Software and Affected Versions GROWI versions prior to v6.0.0

Description A stored cross-site scripting issue exists when processing MathJax. This could allow an arbitrary script to be executed on the user's web browser if the vulnerability is exploited.

Recommendations For versions prior to v6.0.0, update to version v6.0.0 or later to resolve the issue. As a temporary workaround, consider disabling the MathJax processing feature until a patch is available. Restrict access to the MathJax module to minimize the risk of exploitation.