5 matches found
CVE-2021-20786
CVE-2021-20786 describes a cross-site request forgery (CSRF) in GroupSession products: Free edition (versions before 5.1.0), byCloud (before 5.1.0), and ZION (before 5.1.0). The issue allows a remote attacker to hijack administrator authentication via a specially crafted URL. The root cause is a ...
CVE-2021-20789
CVE-2021-20789 is an open redirect vulnerability affecting GroupSession products: Free edition (versions up to 5.0.x), byCloud (up to 5.0.x), and ZION (up to 5.0.x). The root cause is improper handling of URLs, which allows an attacker to redirect victims to arbitrary sites via a specially crafted URL, enab...
CVE-2021-20787
CVE-2021-20787 is a cross-site scripting vulnerability in GroupSession products (Free edition 2.2.0–pre-5.1.0, byCloud 3.0.3–pre-5.1.0, ZION 3.0.3–pre-5.1.0). The flaw enables an attacker to inject arbitrary scripts by sending a specially crafted request to a specific URL. Some sources describe t...
CVE-2021-20788
CVE-2021-20788 is a confirmed SSRF vulnerability in GroupSession products. A remote authenticated attacker can cause the server to perform a port scan from the affected appliance and/or reveal information from the internal Web server. Affected are GroupSession Free edition (versions before 5.1.0)...
CVE-2021-20785
CVE-2021-20785 is a cross-site scripting vulnerability in GroupSession (Japan Total System GroupSession) affecting Free edition (ver. 2.2.0–pre-5.1.0), GroupSession byCloud (ver. 3.0.3–pre-5.1.0), and GroupSession ZION (ver. 3.0.3–pre-5.1.0). The root cause is input handling that allows a remote attack...