CVE-2023-45740: Cross-site scripting (XSS) in WESEEK, Inc. GROWI
Stored cross-site scripting vulnerability when processing profile images exists in GROWI versions prior to v4.1.3. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.
AI Analysis
Technical Summary
CVE-2023-45740 is a stored cross-site scripting (XSS) vulnerability identified in WESEEK, Inc.'s GROWI software versions prior to 4.1.3. The vulnerability arises from improper sanitization or validation of profile images processed by the application, allowing an attacker to inject arbitrary scripts that are stored persistently on the server. When a user accesses a page containing the maliciously crafted profile image, the embedded script executes in the context of the victim's browser. This can lead to unauthorized actions such as session hijacking, theft of sensitive information, or manipulation of the web interface. The vulnerability requires that the attacker have at least limited privileges (PR:L) to upload or modify profile images, and user interaction is necessary (UI:R) for the malicious script to execute, i.e., a user must view the affected page. The CVSS 3.1 base score is 5.4 (medium severity), reflecting network attack vector (AV:N), low attack complexity (AC:L), privileges required (PR:L), user interaction required (UI:R), and impacts limited to confidentiality and integrity (C:L/I:L) without affecting availability. The scope is changed (S:C), indicating that exploitation can affect resources beyond the vulnerable component. No known exploits in the wild have been reported as of the publication date (December 26, 2023).
Potential Impact
For European organizations using GROWI versions prior to 4.1.3, this vulnerability poses a moderate risk primarily to confidentiality and integrity of information. Since GROWI is a collaborative documentation platform, exploitation could allow attackers to execute scripts that steal session tokens, perform actions on behalf of users, or manipulate displayed content. This could lead to unauthorized disclosure of sensitive corporate knowledge, internal communications, or intellectual property. The requirement for attacker privileges to upload profile images limits the attack surface to insiders or compromised accounts, but the potential for lateral movement or privilege escalation exists if attackers leverage this vulnerability in combination with other weaknesses. The impact on availability is negligible. Organizations in sectors with stringent data protection requirements (e.g., finance, healthcare, government) may face compliance risks if sensitive data is exposed. Additionally, the cross-site scripting nature of the vulnerability could be used as a vector for phishing or social engineering campaigns targeting employees. Given the collaborative nature of GROWI, the risk of reputational damage and operational disruption due to trust erosion is also relevant.
Mitigation Recommendations
European organizations should prioritize upgrading GROWI installations to version 4.1.3 or later, where this vulnerability is patched. Until upgrades can be performed, organizations should implement strict access controls to limit who can upload or modify profile images, ideally restricting this capability to trusted administrators. Employing web application firewalls (WAFs) with custom rules to detect and block suspicious script payloads in profile image uploads can provide interim protection. Additionally, organizations should enforce Content Security Policy (CSP) headers to restrict execution of unauthorized scripts in browsers. Regular auditing of user accounts and monitoring for anomalous profile image changes can help detect exploitation attempts. User education to recognize phishing attempts that might leverage this vulnerability is also recommended. Finally, integrating vulnerability scanning and penetration testing focused on XSS vectors in GROWI deployments will help identify residual risks.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland
CVE-2023-45740: Cross-site scripting (XSS) in WESEEK, Inc. GROWI
Description
Stored cross-site scripting vulnerability when processing profile images exists in GROWI versions prior to v4.1.3. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.
AI-Powered Analysis
Technical Analysis
CVE-2023-45740 is a stored cross-site scripting (XSS) vulnerability identified in WESEEK, Inc.'s GROWI software versions prior to 4.1.3. The vulnerability arises from improper sanitization or validation of profile images processed by the application, allowing an attacker to inject arbitrary scripts that are stored persistently on the server. When a user accesses a page containing the maliciously crafted profile image, the embedded script executes in the context of the victim's browser. This can lead to unauthorized actions such as session hijacking, theft of sensitive information, or manipulation of the web interface. The vulnerability requires that the attacker have at least limited privileges (PR:L) to upload or modify profile images, and user interaction is necessary (UI:R) for the malicious script to execute, i.e., a user must view the affected page. The CVSS 3.1 base score is 5.4 (medium severity), reflecting network attack vector (AV:N), low attack complexity (AC:L), privileges required (PR:L), user interaction required (UI:R), and impacts limited to confidentiality and integrity (C:L/I:L) without affecting availability. The scope is changed (S:C), indicating that exploitation can affect resources beyond the vulnerable component. No known exploits in the wild have been reported as of the publication date (December 26, 2023).
Potential Impact
For European organizations using GROWI versions prior to 4.1.3, this vulnerability poses a moderate risk primarily to confidentiality and integrity of information. Since GROWI is a collaborative documentation platform, exploitation could allow attackers to execute scripts that steal session tokens, perform actions on behalf of users, or manipulate displayed content. This could lead to unauthorized disclosure of sensitive corporate knowledge, internal communications, or intellectual property. The requirement for attacker privileges to upload profile images limits the attack surface to insiders or compromised accounts, but the potential for lateral movement or privilege escalation exists if attackers leverage this vulnerability in combination with other weaknesses. The impact on availability is negligible. Organizations in sectors with stringent data protection requirements (e.g., finance, healthcare, government) may face compliance risks if sensitive data is exposed. Additionally, the cross-site scripting nature of the vulnerability could be used as a vector for phishing or social engineering campaigns targeting employees. Given the collaborative nature of GROWI, the risk of reputational damage and operational disruption due to trust erosion is also relevant.
Mitigation Recommendations
European organizations should prioritize upgrading GROWI installations to version 4.1.3 or later, where this vulnerability is patched. Until upgrades can be performed, organizations should implement strict access controls to limit who can upload or modify profile images, ideally restricting this capability to trusted administrators. Employing web application firewalls (WAFs) with custom rules to detect and block suspicious script payloads in profile image uploads can provide interim protection. Additionally, organizations should enforce Content Security Policy (CSP) headers to restrict execution of unauthorized scripts in browsers. Regular auditing of user accounts and monitoring for anomalous profile image changes can help detect exploitation attempts. User education to recognize phishing attempts that might leverage this vulnerability is also recommended. Finally, integrating vulnerability scanning and penetration testing focused on XSS vectors in GROWI deployments will help identify residual risks.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- jpcert
- Date Reserved
- 2023-12-07T02:39:50.226Z
- Cisa Enriched
- true
Threat ID: 682d9847c4522896dcbf549c
Added to database: 5/21/2025, 9:09:27 AM
Last enriched: 6/22/2025, 9:05:22 AM
Last updated: 10/16/2025, 3:17:13 PM
Views: 23
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2025-61543: n/a
HighCVE-2025-61541: n/a
HighCVE-2025-61536: n/a
HighCVE-2025-41254: CWE-352: Cross-Site Request Forgery (CSRF) in VMware Spring Framework
MediumCVE-2025-36002: Password in Configuration File in IBM Sterling B2B Integrator
MediumActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.