First published: Wed Mar 10 2021(Updated: )
Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.
Credit: vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
WESEEK GROWI | >=4.2.0<=4.2.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2021-20673 is rated as medium with a CVSS score of 4.8.
Remote authenticated attackers can exploit the vulnerability by injecting arbitrary scripts through unspecified vectors.
The stored cross-site scripting vulnerability affects GROWI v4.2.0 to v4.2.7 in the v4.2 Series.
CVE-2021-20673 is associated with CWE ID 79, which is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
You can find more information about CVE-2021-20673 on the Japan Vulnerability Notes (JVN) and WESEEK websites.