cve/2021/CVE-2021-20672.md

### [CVE-2021-20672](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20672)
![](https://img.shields.io/static/v1?label=Product&message=GROWI%20(v4.2%20Series)&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-site%20scripting&color=brighgreen)

### Description

Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters in GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote attackers to inject an arbitrary script via unspecified vectors.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/mute1008/mute1008
- https://github.com/mute1997/mute1997
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2021-20672](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20672)`
			`![](https://img.shields.io/static/v1?label=Product&message=GROWI%20(v4.2%20Series)&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-site%20scripting&color=brighgreen)`

			`### Description`

			`Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters in GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote attackers to inject an arbitrary script via unspecified vectors.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/mute1008/mute1008`
			`- https://github.com/mute1997/mute1997`