Cross-site scripting vulnerability due to the inadequate tag sanitization in GROWI versions v4.2.19 and earlier allows remote attackers to execute an arbitrary script on the web browser of the user who accesses a specially crafted page.
References
Link | Resource |
---|---|
https://jvn.jp/en/vu/JVNVU94889258/index.html | Third Party Advisory |
https://weseek.co.jp/security/2021/09/17/vulnerability/growi-prevent-multiple-xss-addition/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: jpcert
Published: 2021-09-21T09:25:10
Updated: 2021-09-21T09:25:10
Reserved: 2020-12-17T00:00:00
Link: CVE-2021-20829
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-09-21T10:15:07.543
Modified: 2021-09-29T19:18:08.380
Link: CVE-2021-20829
JSON object: View
Redhat Information
No data.
CWE