CVE-2021-20667
Stored Cross-site Scripting in GROWI (GROWI の格納型 XSS (クロスサイトスクリプティング))
Inadequate CSP (Content Security Policy) configuration allows a remote attacker to execute an arbitrary script on the web browser of the user who accesses an attached file containing a specially crafted content.
Disclosure Date
2021/03/07
Credit
stypr (@stereotype32)
Affected-Versions
GROWI: v4.2.2 and earlier
CWE
- CWE-79
