CVE-2021-20673

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-20673

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20673.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-20673

Published

2021-03-10T10:15:13.053Z

Modified

2026-03-14T10:41:03.937722Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.

References

Affected packages

Git / github.com/weseek/growi

Affected ranges

Type

GIT

Repo

https://github.com/weseek/growi

Events

Introduced

ab5ef887884fb8f16d4f68c93854b9eca7374d96

Last affected

a578a31917ec847869ced529bfb97d07c36e1909

Database specific

{
    "versions": [
        {
            "introduced": "4.2.0"
        },
        {
            "last_affected": "4.2.7"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20673.json"