Vulnerability Database

318,756

Total vulnerabilities in the database

CVE-2021-20829

Cross-site scripting vulnerability due to the inadequate tag sanitization in GROWI versions v4.2.19 and earlier allows remote attackers to execute an arbitrary script on the web browser of the user who accesses a specially crafted page.

Published: Sep 21, 2021
Updated: Nov 16, 2025
CVE: CVE-2021-20829
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
weseek / growi	-	4.2.19.x

https://jvn.jp/en/vu/JVNVU94889258/index.html
https://weseek.co.jp/security/2021/09/17/vulnerability/growi-prevent-multiple-xss-addition/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo