{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T03:34:26.812","vulnerabilities":[{"cve":{"id":"CVE-2021-20785","sourceIdentifier":"vultures@jpcert.or.jp","published":"2021-07-30T14:15:14.787","lastModified":"2024-11-21T05:47:11.163","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to inject an arbitrary script by sending a specially crafted request to a specific URL."},{"lang":"es","value":"Una vulnerabilidad de tipo Cross-site scripting en GroupSession (GroupSession Free edition desde versión 2.2.0 hasta versión anterior a 5.1.0, GroupSession byCloud desde versión 3.0.3 hasta versión anterior a 5.1.0, y GroupSession ZION desde versión 3.0.3 hasta versión anterior a 5.1.0) permite a un atacante remoto inyectar un script arbitrario mediante el envío de una petición especialmente diseñada hacia una URL específica"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:groupsession:groupsession:*:*:*:*:free:*:*:*","versionStartIncluding":"2.20","versionEndExcluding":"5.1.0","matchCriteriaId":"BCD711A0-12D3-4FC1-B1F3-084DD5D9721B"},{"vulnerable":true,"criteria":"cpe:2.3:a:groupsession:groupsession_bycloud:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.3","versionEndExcluding":"5.1.0","matchCriteriaId":"20139ED3-424E-49EB-9D6D-9EAA356C0D96"},{"vulnerable":true,"criteria":"cpe:2.3:a:groupsession:groupsession_zion:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.3","versionEndExcluding":"5.1.0","matchCriteriaId":"9F38C4EF-470B-4C54-B57F-7C99AB59BF73"}]}]}],"references":[{"url":"https://groupsession.jp/info/info-news/security202107","source":"vultures@jpcert.or.jp","tags":["Vendor Advisory"]},{"url":"https://jvn.jp/en/jp/JVN86026700/index.html","source":"vultures@jpcert.or.jp","tags":["Third Party Advisory"]},{"url":"https://groupsession.jp/info/info-news/security202107","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://jvn.jp/en/jp/JVN86026700/index.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}