CVE-2021-20829

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-20829
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20829.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-20829
Published
2021-09-21T10:15:07.543Z
Modified
2026-04-10T04:29:27.254600Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Cross-site scripting vulnerability due to the inadequate tag sanitization in GROWI versions v4.2.19 and earlier allows remote attackers to execute an arbitrary script on the web browser of the user who accesses a specially crafted page.

References

Affected packages

Git / github.com/weseek/growi

Affected ranges

Type
GIT
Repo
https://github.com/weseek/growi
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5b368fe0abd7c8d4d89ada8bbe943715935b0219
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.2.19"
        }
    ]
}

Affected versions

1.*
1.0.0-RC3
v1.*
v1.0.0-RC
v1.0.0-RC2
v1.0.0-RC4
v1.3.0
v1.3.1
v1.4.0
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.6.0
v4.*
v4.2.19

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20829.json"