CVE-2021-20673

CVE-2021-20673

EPSS 0.8%

Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.

Affected products

WESEEK, Inc. · GROWI (v4.2 Series)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://jvn.jp/en/jp/JVN86438134/index.html https://weseek.co.jp/security/2021/03/09/vulnerability/growi-prevent-xss5/