First published: Wed Mar 10 2021(Updated: )
Stored cross-site scripting vulnerability due to inadequate CSP (Content Security Policy) configuration in GROWI versions v4.2.2 and earlier allows remote authenticated attackers to inject an arbitrary script via a specially crafted content.
Credit: vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
WESEEK GROWI | <=4.2.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-20667 is a stored cross-site scripting vulnerability due to inadequate CSP (Content Security Policy) configuration in GROWI versions v4.2.2 and earlier.
CVE-2021-20667 allows remote authenticated attackers to inject an arbitrary script via specially crafted content.
CVE-2021-20667 has a severity level of 5.4, classified as medium.
To prevent the Stored XSS vulnerability in GROWI versions v4.2.2 and earlier, update the CSP (Content Security Policy) configuration to adequately mitigate the risk.