exploitDog

CVE-2021-20829

Опубликовано: 21 сент. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting vulnerability due to the inadequate tag sanitization in GROWI versions v4.2.19 and earlier allows remote attackers to execute an arbitrary script on the web browser of the user who accesses a specially crafted page.

Ссылки

https://jvn.jp/en/vu/JVNVU94889258/index.html
Third Party Advisory
https://weseek.co.jp/security/2021/09/17/vulnerability/growi-prevent-multiple-xss-addition/
Vendor Advisory
https://jvn.jp/en/vu/JVNVU94889258/index.html
Third Party Advisory
https://weseek.co.jp/security/2021/09/17/vulnerability/growi-prevent-multiple-xss-addition/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:weseek:growi:*:*:*:*:*:*:*:*

Версия до 4.2.19 (включая)

EPSS

Процентиль: 56%

0.00332

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-xjjw-7hwm-mx4p

github

больше 3 лет назад

Cross-site scripting vulnerability due to the inadequate tag sanitization in GROWI versions v4.2.19 and earlier allows remote attackers to execute an arbitrary script on the web browser of the user who accesses a specially crafted page.

EPSS

Процентиль: 56%

0.00332

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79