Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.
References
Link | Resource |
---|---|
https://jvn.jp/en/jp/JVN86438134/index.html | Third Party Advisory |
https://weseek.co.jp/security/2021/03/09/vulnerability/growi-prevent-xss5/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: jpcert
Published: 2021-03-10T09:20:35
Updated: 2021-03-10T09:20:35
Reserved: 2020-12-17T00:00:00
Link: CVE-2021-20673
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-03-10T10:15:13.053
Modified: 2021-03-17T17:54:12.313
Link: CVE-2021-20673
JSON object: View
Redhat Information
No data.
CWE