CVE-2021-20875
MEDIUM WAF: Medium
CVSS 6.1
Published: 2021-12-24
CWE-601
Open redirect vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks by having a user to access a specially crafted URL.
WAF Coverage Analysis
Open Redirect
Medium WAF Coverage
OWASP: A01:2021 Broken Access Control
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| groupsession | groupsession | up to 5.1.1 |
| groupsession | groupsession | up to 5.1.1 |
| groupsession | groupsession | up to 5.1.1 |
References
- groupsession.jp (Vendor Advisory)
- jvn.jp (Third Party Advisory)