Vulnerability Description
Sulu is an open-source PHP content management system based on the Symfony framework. In versions before 1.6.43 are subject to stored cross site scripting attacks. HTML input into Tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sulu | Sulu | < 1.6.43 |
Related Weaknesses (CWE)
References
- https://github.com/sulu/sulu/commit/20007ac70a3af3c9e53a6acb0ef8794b65642445PatchThird Party Advisory
- https://github.com/sulu/sulu/security/advisories/GHSA-h58v-g3q6-q9fxThird Party Advisory
- https://github.com/sulu/sulu/commit/20007ac70a3af3c9e53a6acb0ef8794b65642445PatchThird Party Advisory
- https://github.com/sulu/sulu/security/advisories/GHSA-h58v-g3q6-q9fxThird Party Advisory
FAQ
What is CVE-2021-41169?
CVE-2021-41169 is a vulnerability with a CVSS score of 6.2 (MEDIUM). Sulu is an open-source PHP content management system based on the Symfony framework. In versions before 1.6.43 are subject to stored cross site scripting attacks. HTML input into Tag names is not prop...
How severe is CVE-2021-41169?
CVE-2021-41169 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-41169?
Check the references section above for vendor advisories and patch information. Affected products include: Sulu Sulu.