CVE-2021-20672

Name of the Vulnerable Software and Affected Versions: GROWI versions 4.2.0 through 4.2.7

Description: The issue is related to a reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters. This allows remote attackers to inject an arbitrary script via unspecified vectors.

Recommendations: For versions 4.2.0 through 4.2.7, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.