CVE-2021-41169

Sulu is an open-source PHP content management system based on the Symfony framework. In versions before 1.6.43 are subject to stored cross site scripting attacks. HTML input into Tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.2 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N
GitHub_MCNA
6.2 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
VendorProductVersion
sulusulu
𝑥
< 1.6.43
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/sulu/sulu/commit/20007ac70a3af3c9e53a6acb0ef8794b65642445
https://github.com/sulu/sulu/security/advisories/GHSA-h58v-g3q6-q9fx
https://github.com/sulu/sulu/commit/20007ac70a3af3c9e53a6acb0ef8794b65642445
https://github.com/sulu/sulu/security/advisories/GHSA-h58v-g3q6-q9fx