All the vulnerabilites related to WESEEK, Inc. - GROWI (v4.2 Series)
cve-2021-20673
Vulnerability from cvelistv5
Published
2021-03-10 09:20
Modified
2024-08-03 17:45
Severity ?
EPSS score ?
Summary
Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://weseek.co.jp/security/2021/03/09/vulnerability/growi-prevent-xss5/ | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN86438134/index.html | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| WESEEK, Inc. | GROWI (v4.2 Series) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://weseek.co.jp/security/2021/03/09/vulnerability/growi-prevent-xss5/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN86438134/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GROWI (v4.2 Series)",
"vendor": "WESEEK, Inc.",
"versions": [
{
"status": "affected",
"version": "versions from v4.2.0 to v4.2.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-10T09:20:35",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://weseek.co.jp/security/2021/03/09/vulnerability/growi-prevent-xss5/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN86438134/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20673",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GROWI (v4.2 Series)",
"version": {
"version_data": [
{
"version_value": "versions from v4.2.0 to v4.2.7"
}
]
}
}
]
},
"vendor_name": "WESEEK, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://weseek.co.jp/security/2021/03/09/vulnerability/growi-prevent-xss5/",
"refsource": "MISC",
"url": "https://weseek.co.jp/security/2021/03/09/vulnerability/growi-prevent-xss5/"
},
{
"name": "https://jvn.jp/en/jp/JVN86438134/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN86438134/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20673",
"datePublished": "2021-03-10T09:20:35",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:45.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20672
Vulnerability from cvelistv5
Published
2021-03-10 09:20
Modified
2024-08-03 17:45
Severity ?
EPSS score ?
Summary
Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters in GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote attackers to inject an arbitrary script via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://weseek.co.jp/security/2021/03/09/vulnerability/growi-prevent-xss5/ | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN86438134/index.html | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| WESEEK, Inc. | GROWI (v4.2 Series) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://weseek.co.jp/security/2021/03/09/vulnerability/growi-prevent-xss5/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN86438134/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GROWI (v4.2 Series)",
"vendor": "WESEEK, Inc.",
"versions": [
{
"status": "affected",
"version": "versions from v4.2.0 to v4.2.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters in GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote attackers to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-10T09:20:34",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://weseek.co.jp/security/2021/03/09/vulnerability/growi-prevent-xss5/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN86438134/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20672",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GROWI (v4.2 Series)",
"version": {
"version_data": [
{
"version_value": "versions from v4.2.0 to v4.2.7"
}
]
}
}
]
},
"vendor_name": "WESEEK, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters in GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote attackers to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://weseek.co.jp/security/2021/03/09/vulnerability/growi-prevent-xss5/",
"refsource": "MISC",
"url": "https://weseek.co.jp/security/2021/03/09/vulnerability/growi-prevent-xss5/"
},
{
"name": "https://jvn.jp/en/jp/JVN86438134/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN86438134/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20672",
"datePublished": "2021-03-10T09:20:34",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:45.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}