CVE-2023-50175 is a stored cross-site scripting (XSS) vulnerability identified in WESEEK, Inc.'s GROWI product, affecting all versions prior to v6.0.0. The vulnerability exists in multiple administrative interface pages, specifically the App Settings (/admin/app), Markdown Settings (/admin/markdown), and Customize (/admin/customize) pages. Stored XSS occurs when malicious scripts are permanently stored on the target server, such as in a database, and then executed in the browsers of users who access the affected pages. In this case, an attacker with at least limited privileges (PR:L) can inject arbitrary JavaScript code into these admin pages, which will then execute in the context of other users who visit these pages. The CVSS 3.1 base score is 5.4 (medium severity), with the vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N indicating that the attack can be performed remotely over the network with low attack complexity, requires some privileges, and user interaction (UI:R) is needed to trigger the malicious script. The scope is changed (S:C), meaning the vulnerability affects components beyond the initially vulnerable component. The impact is limited to confidentiality and integrity (both low), with no impact on availability. While no known exploits are currently reported in the wild, the vulnerability poses a risk of session hijacking, credential theft, or unauthorized actions performed on behalf of users who access the compromised pages. This vulnerability is particularly critical in environments where multiple administrators or users with elevated privileges access the GROWI admin interface, as it could lead to privilege escalation or lateral movement within the system. Since GROWI is a collaborative wiki platform often used for internal documentation and knowledge sharing, exploitation could expose sensitive corporate information or disrupt organizational workflows.

For European organizations, the exploitation of this vulnerability could lead to unauthorized disclosure of sensitive internal documentation, leakage of credentials or session tokens, and potential manipulation of wiki content. This could undermine trust in internal knowledge management systems, disrupt business operations, and facilitate further attacks such as phishing or lateral movement within the corporate network. Organizations relying on GROWI for critical documentation, especially those in regulated sectors like finance, healthcare, or government, may face compliance risks if sensitive data is exposed. Additionally, since the vulnerability requires some level of privilege and user interaction, insider threats or compromised accounts could be leveraged to exploit this flaw. The cross-site scripting nature also means that attackers could craft malicious links or pages that, when accessed by administrators, execute arbitrary scripts, potentially leading to account takeover or injection of malicious content. The medium severity rating suggests that while the risk is not immediately critical, it is significant enough to warrant prompt remediation to prevent escalation or exploitation in targeted attacks.

1. Upgrade GROWI to version 6.0.0 or later, where this vulnerability has been addressed. 2. Restrict administrative access to the affected pages (/admin/app, /admin/markdown, /admin/customize) to trusted users only and enforce strong authentication mechanisms such as multi-factor authentication (MFA). 3. Implement Content Security Policy (CSP) headers to limit the execution of unauthorized scripts within the GROWI application context. 4. Conduct regular security audits and code reviews focusing on input validation and output encoding in all user-supplied content fields, especially in administrative interfaces. 5. Monitor logs for unusual activities or repeated access patterns to the vulnerable admin pages that could indicate attempted exploitation. 6. Educate administrators and users with elevated privileges about the risks of clicking on untrusted links or executing unknown scripts within the application. 7. If immediate upgrade is not feasible, consider deploying web application firewalls (WAFs) with custom rules to detect and block typical XSS payloads targeting the affected endpoints. 8. Limit the number of users with administrative privileges to reduce the attack surface and potential for insider exploitation.