CVE-2021-20829

Cross-site Scripting in GROWI (GROWI における XSS (クロスサイトスクリプティング))

Cross-site scripting vulnerability due to the inadequate tag sanitization in GROWI versions v4.2.19 and earlier allows remote attackers to execute an arbitrary script on the web browser of the user who accesses a specially crafted page.

Disclosure Date

2021/09/20

Credit

stypr (@stereotype32)

Affected-Versions

GROWI: v4.2.19 and earlier

CWE

CWE-79

Product-URLs

https://growi.org/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-20829
https://weseek.co.jp/ja/news/2021/09/17/growi-prevent-multiple-xss-addition/
https://jvn.jp/en/vu/JVNVU94889258/index.html

Back

Cross-site Scripting in GROWI (GROWI における XSS (クロスサイトスクリプティング))

Disclosure Date

Credit

Affected-Versions

CWE

Product-URLs

Reference

会社情報

サービス紹介

お問い合わせ