CVE-2023-49119

Stored XSS via img Tags in GROWI (GROWI におけるimg タグによる格納型XSS)

In GROWI v6.0.0 and earlier versions, it is possible to bypass security mechanisms and execute XSS when rendering Markdown as HTML.

2023/12/12