Stored Cross-Site Scripting Vulnerability in GROWI Admin Page (v4.2 Series)

Stored Cross-Site Scripting Vulnerability in GROWI Admin Page (v4.2 Series)

CVE-2021-20673 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.

Learn more about our Web Application Penetration Testing UK.