CVE-2023-50339

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-50339

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-50339.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-50339

Published

2023-12-26T08:15:11.657Z

Modified

2026-04-10T05:05:25.639571Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Stored cross-site scripting vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.1.11. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.

References

Affected packages

Git / github.com/weseek/growi

Affected ranges

Type

GIT

Repo

https://github.com/weseek/growi

Events

Introduced

Fixed

7d739a99fd0ceb10606f0e7b3e89408afe3baa71

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.1.11"
        }
    ]
}

Affected versions

1.*

1.0.0-RC3

v1.*

v1.0.0-RC

v1.0.0-RC2

v1.0.0-RC4

v1.3.0

v1.3.1

v1.4.0

v1.5.0

v1.5.1

v1.5.2

v1.5.3

v1.6.0

v4.*

v4.4.0

v4.4.10

v4.4.11

v4.4.12

v4.4.13

v4.4.2

v4.4.3

v4.4.4

v4.4.5

v4.4.6

v4.4.7

v4.4.8

v4.4.9

v4.5.0

v4.5.1

v4.5.10

v4.5.11

v4.5.12

v4.5.13

v4.5.14

v4.5.15

v4.5.2

v4.5.3

v4.5.4

v4.5.5

v4.5.6

v4.5.7

v4.5.8

v4.5.9

v5.*

v5.0.0

v5.0.1

v5.0.10

v5.0.11

v5.0.2

v5.0.3

v5.0.4

v5.0.5

v5.0.6

v5.0.7

v5.0.8

v5.0.9

v5.1.0

v5.1.1

v5.1.2

v5.1.3

v5.1.4

v5.1.5

v6.*

v6.0.0

v6.0.1

v6.0.10

v6.0.11

v6.0.12

v6.0.13

v6.0.14

v6.0.15

v6.0.2

v6.0.3

v6.0.4

v6.0.5

v6.0.6

v6.0.7

v6.0.8

v6.0.9

v6.1.0

v6.1.1

v6.1.10

v6.1.2

v6.1.3

v6.1.4

v6.1.5

v6.1.6

v6.1.7

v6.1.8

v6.1.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-50339.json"