CVE-2021-20829

medium

Description

Cross-site scripting vulnerability due to the inadequate tag sanitization in GROWI versions v4.2.19 and earlier allows remote attackers to execute an arbitrary script on the web browser of the user who accesses a specially crafted page.

References

https://weseek.co.jp/security/2021/09/17/vulnerability/growi-prevent-multiple-xss-addition/

https://jvn.jp/en/vu/JVNVU94889258/index.html

Details

Source: Mitre, NVD

Published: 2021-09-21

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00332