CVE-2021-20787

Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to inject an arbitrary script by sending a specially crafted request to a specific URL.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:groupsession:groupsession:*:*:*:*:free:*:*:*
cpe:2.3:a:groupsession:groupsession_bycloud:*:*:*:*:*:*:*:*
cpe:2.3:a:groupsession:groupsession_zion:*:*:*:*:*:*:*:*

History

06 Aug 2021, 12:42

Type Values Removed Values Added
CVSS v2 : 4.3
v3 : 6.1
v2 : 3.5
v3 : 4.8

06 Aug 2021, 11:06

Type Values Removed Values Added
References (MISC) https://jvn.jp/en/jp/JVN86026700/index.html - (MISC) https://jvn.jp/en/jp/JVN86026700/index.html - Third Party Advisory
References (MISC) https://groupsession.jp/info/info-news/security202107 - (MISC) https://groupsession.jp/info/info-news/security202107 - Vendor Advisory
CPE cpe:2.3:a:groupsession:groupsession:*:*:*:*:free:*:*:*
cpe:2.3:a:groupsession:groupsession_bycloud:*:*:*:*:*:*:*:*
cpe:2.3:a:groupsession:groupsession_zion:*:*:*:*:*:*:*:*
CWE CWE-79
CVSS v2 : unknown
v3 : unknown
v2 : 4.3
v3 : 6.1

30 Jul 2021, 15:16

Type Values Removed Values Added
New CVE

Information

Published : 2021-07-30 14:15

Updated : 2024-02-04 21:47


NVD link : CVE-2021-20787

Mitre link : CVE-2021-20787

CVE.ORG link : CVE-2021-20787


JSON object : View

Products Affected

groupsession

  • groupsession_bycloud
  • groupsession_zion
  • groupsession
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')