CVE-2021-20667

Stored XSS in GROWI (GROWI における格納型 XSS)

Inadequate CSP (Content Security Policy) configuration allows a remote attacker to execute an arbitrary script on the web browser of the user who accesses an attached file containing a specially crafted content.

Disclosure Date

2021/03/07

Credit

stypr (@stereotype32)

Affected-Versions

GROWI: v4.2.2 and earlier

CWE

CWE-79

Product-URLs

https://growi.org/

Reference

https://jvn.jp/en/vu/JVNVU94889258/index.html
https://nvd.nist.gov/vuln/detail/CVE-2021-20667
https://weseek.co.jp/security/2021/03/08/vulnerability/growi-prevent-multiple-xss/

Back

Stored XSS in GROWI (GROWI における格納型 XSS)

Disclosure Date

Credit

Affected-Versions

CWE

Product-URLs

Reference

会社情報

サービス紹介

お問い合わせ