CVE-2023-49119

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-49119

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-49119.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-49119

Published

2023-12-26T08:15:10.793Z

Modified

2026-04-10T05:04:57.816490Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Stored cross-site scripting vulnerability via the img tags exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.

References

Affected packages

Git / github.com/weseek/growi

Affected ranges

Type

GIT

Repo

https://github.com/weseek/growi

Events

Introduced

Fixed

c92304e07267e510f8ea6be386df1771bed1d580

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.0.0"
        }
    ]
}

Affected versions

1.*

1.0.0-RC3

v1.*

v1.0.0-RC

v1.0.0-RC2

v1.0.0-RC4

v1.3.0

v1.3.1

v1.4.0

v1.5.0

v1.5.1

v1.5.2

v1.5.3

v1.6.0

v4.*

v4.4.0

v4.4.10

v4.4.11

v4.4.12

v4.4.13

v4.4.2

v4.4.3

v4.4.4

v4.4.5

v4.4.6

v4.4.7

v4.4.8

v4.4.9

v4.5.0

v4.5.1

v4.5.10

v4.5.11

v4.5.12

v4.5.13

v4.5.14

v4.5.15

v4.5.2

v4.5.3

v4.5.4

v4.5.5

v4.5.6

v4.5.7

v4.5.8

v4.5.9

v5.*

v5.0.0

v5.0.1

v5.0.10

v5.0.11

v5.0.2

v5.0.3

v5.0.4

v5.0.5

v5.0.6

v5.0.7

v5.0.8

v5.0.9

v5.1.0

v5.1.1

v5.1.2

v5.1.3

v5.1.4

v5.1.5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-49119.json"