Lucene search
GoogleOSV:GHSA-H58V-G3Q6-Q9FXHistoryOct 22, 2021 - 4:20 p.m.
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in sulu/sulu
2021-10-2216:20:53
Google
osv.dev
101
xss
web page
admin users
patched
version 1.6.42
workaround
custom request listener
security advisory
sulu repository
email
.
EPSS
0.001
Percentile
19.4%
Impact
What kind of vulnerability is it? Who is impacted?
It is an issue when input HTML into the Tag name. The HTML is execute when the tag name is listed in the auto complete form.
Only admin users are affected and only admin users can create tags.
Patches
Has the problem been patched? What versions should users upgrade to?
The problem is patched with Version 1.6.42.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
Create a custom request listener to avoid that this kind of tags are created.
References
Are there any links users can visit to find out more?
Currently not.
For more information
If you have any questions or comments about this advisory:
- Open an issue in sulu/sulu repository
- Email us at [email protected]
Related
nvd
nvd
CVE-2021-41169
2021-10-21 21:15:08
github
github
prion
prion
Cross site scripting
2021-10-21 21:15:00
cvelist
cvelist
CVE-2021-41169 Improper Neutralization HTML tags in sulu/sulu
2021-10-21 20:25:10
veracode
veracode
Cross-site Scripting (XSS)
2021-10-22 05:28:55
osv
osv
CVE-2021-41169
2021-10-21 21:15:08
cnvd
cnvd
SULU Sulu Cross-Site Scripting Vulnerability
2021-10-25 00:00:00
cve
cve
CVE-2021-41169
2021-10-21 21:15:08