CVE-2021-20672

Summary

Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters in GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote attackers to inject an arbitrary script via unspecified vectors.

Affected Software

VendorProductVersion RangeStatus
WESEEK, Inc.GROWI (v4.2 Series)versions from v4.2.0 to v4.2.7affected

Weaknesses

  • Cross-site scripting

ADP Enrichment

CVE Program Container

Additional References

References