
We found results for “”
CVE-2021-41169
Good to know:

Date: October 21, 2021
Sulu is an open-source PHP content management system based on the Symfony framework. In versions before 1.6.43 are subject to stored cross site scripting attacks. HTML input into Tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade.
Language: PHP
Severity Score
Related Resources (5)
Severity Score
Weakness Type (CWE)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-79Top Fix

Upgrade Version
Upgrade to version sulu/sulu - 1.5.11;sulu/sulu - 1.2.0-RC1;sulu/sulu - 1.1.3;sulu/sulu - 1.5.2;sulu/sulu - 1.6.7;sulu/sulu - 1.1.10;sulu/sulu - 1.0.10;sulu/sulu - 1.4.2;sulu/sulu - 1.3.11;sulu/sulu - 1.2.7;sulu/sulu - 1.1.0-beta1;sulu/sulu - 1.6.9;sulu/sulu - 1.5.0;sulu/sulu - 0.13.1;sulu/sulu - 1.0.14;sulu/sulu - 1.1.6;sulu/sulu - 1.2.1;sulu/sulu - 1.3.1;sulu/sulu - 1.5.7;sulu/sulu - 0.10.2;sulu/sulu - 1.4.6;sulu/sulu - 0.11.1;sulu/sulu - 1.6.17;sulu/sulu - 1.0.0;sulu/sulu - 1.5.21;sulu/sulu - 1.5.0-RC2;sulu/sulu - 0.14.2;sulu/sulu - 1.6.2;sulu/sulu - 1.6.14;sulu/sulu - 1.0.6;sulu/sulu - 1.5.15;sulu/sulu - 0.18.1;sulu/sulu - 1.4.0;sulu/sulu - 1.6.43;sulu/sulu - 1.2.0-RC3;sulu/sulu - 1.3.3;sulu/sulu - 1.6.20;sulu/sulu - 1.6.0-RC1;sulu/sulu - 1.0.8;sulu/sulu - 0.15.2;sulu/sulu - 1.6.25;sulu/sulu - 0.17.0-RC2;sulu/sulu - 1.0.0-RC2;sulu/sulu - 1.1.8
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | HIGH |
User Interaction (UI): | REQUIRED |
Scope (S): | CHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | NONE |
Availability (A): | NONE |
CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | MEDIUM |
Authentication (AU): | SINGLE |
Confidentiality (C): | NONE |
Integrity (I): | PARTIAL |
Availability (A): | NONE |
Additional information: |