cvelist / GitHub_M / CVELIST:CVE-2021-41169
Oct 21, 2021 - 8:25 p.m.

CVE-2021-41169 Improper Neutralization HTML tags in sulu/sulu

2021-10-21 20:25:10
CWE-79
GitHub_M
www.cve.org
sulu cms
php
symfony
html input
vulnerability
stored cross site scripting
admin users
upgrade

CVSS3: 6.2

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

EPSS: 0.001
Percentile: 19.4%

Sulu is an open-source PHP content management system based on the Symfony framework. Versions before 1.6.43 are subject to stored cross-site scripting attacks: HTML input into tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade.

CNA Affected

[
  {
    "product": "sulu",
    "vendor": "sulu",
    "versions": [
      {
        "status": "affected",
        "version": "< 1.6.43"
      }
    ]
  }
]
