VYPR
Unrated severityNVD Advisory· Published Mar 10, 2021· Updated Aug 3, 2024

CVE-2021-20667

CVE-2021-20667

Description

Stored cross-site scripting vulnerability due to inadequate CSP (Content Security Policy) configuration in GROWI versions v4.2.2 and earlier allows remote authenticated attackers to inject an arbitrary script via a specially crafted content.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Weseek/Growillm-fuzzy2 versions
    <=v4.2.2+ 1 more
    • (no CPE)range: <=v4.2.2
    • (no CPE)range: versions v4.2.2 and earlier

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.