CVE-2023-50175

Name of the Vulnerable Software and Affected Versions GROWI versions prior to v6.0.0

Description A stored cross-site scripting issue exists in the App Settings (/admin/app) page, the Markdown Settings (/admin/markdown) page, and the Customize (/admin/customize) page. This could allow an arbitrary script to be executed on the web browser of the user who accessed the site using the product.

Recommendations For versions prior to v6.0.0, update to version v6.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the /admin/app, /admin/markdown, and /admin/customize pages until a patch is applied. Avoid using these pages in production environments until the update is installed.