4 matches found
CVE-2021-20673
Stored cross-site scripting vulnerability in Admin Page of GROWI v4.2 Series versions from v4.2.0 to v4.2.7 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors...
CVE-2021-20673
Stored cross-site scripting vulnerability in Admin Page of GROWI v4.2 Series versions from v4.2.0 to v4.2.7 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors...
CVE-2021-20673
CVE-2021-20673 is a stored cross-site scripting vulnerability in GROWI (v4.2 Series) Admin Page, affecting versions v4.2.0 through v4.2.7. The issue allows a remote authenticated attacker to inject arbitrary script into a logged-in user’s browser via unspecified vectors. Affected product: GROWI (...
JVN#86438134: Multiple cross-site scripting vulnerabilities in GROWI
GROWI provided by WESEEK, Inc. contains multiple cross-site scripting vulnerabilities listed below. Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters CWE-79 - CVE-2021-20672 Version| Vector| Score ---|---|--- CVSS v3|...