Stored cross-site scripting vulnerability due to inadequate CSP (Content Security Policy) configuration in GROWI versions v4.2.2 and earlier allows remote authenticated attackers to inject an arbitrary script via a specially crafted content.
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: jpcert
Published:
Updated: 2024-08-03T17:45:45.356Z
Reserved: 2020-12-17T00:00:00
Link: CVE-2021-20667

No data.

Status : Modified
Published: 2021-03-10T10:15:12.507
Modified: 2024-11-21T05:46:58.443
Link: CVE-2021-20667

No data.