Unrated severityNVD Advisory· Published Mar 10, 2021· Updated Aug 3, 2024
CVE-2021-20667
CVE-2021-20667
Description
Stored cross-site scripting vulnerability due to inadequate CSP (Content Security Policy) configuration in GROWI versions v4.2.2 and earlier allows remote authenticated attackers to inject an arbitrary script via a specially crafted content.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- jvn.jp/en/vu/JVNVU94889258/index.htmlmitrex_refsource_MISC
- weseek.co.jp/security/2021/03/08/vulnerability/growi-prevent-multiple-xss/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.