CVE-2021-32737
Sulu (PHP CMS on Symfony) prior to 1.6.41 is vulnerable to cross-site scripting via the collection title when performed by a logged-in admin. The issue stems from improper handling/validation of input in the collection title, allowing a script to be injected and executed in the victim’s browser. ...