Vulnerability Description
Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to stored cross site scripting attacks via the preferences footer. The preference footer can only be altered by a site admin. This issue has been resolved in the 0.9.6 release and all users are advised to upgrade. There are no known workarounds.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Galette | Galette | < 0.9.6 |
Related Weaknesses (CWE)
References
- https://github.com/galette/galette/commit/0d55bc7f420470e0dbca91ebe7899c592905cbPatchThird Party Advisory
- https://github.com/galette/galette/security/advisories/GHSA-28fg-cp22-6c33Third Party Advisory
- https://github.com/galette/galette/commit/0d55bc7f420470e0dbca91ebe7899c592905cbPatchThird Party Advisory
- https://github.com/galette/galette/security/advisories/GHSA-28fg-cp22-6c33Third Party Advisory
FAQ
What is CVE-2021-41261?
CVE-2021-41261 is a vulnerability with a CVSS score of 8.1 (HIGH). Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to stored cross site scripting attacks via the prefe...
How severe is CVE-2021-41261?
CVE-2021-41261 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-41261?
Check the references section above for vendor advisories and patch information. Affected products include: Galette Galette.