CVE-2021-41169

MEDIUM

Sulu < 1.6.43 - Authenticated Stored Cross-Site Scripting in Tag Name Input

Description

Sulu is an open-source PHP content management system based on the Symfony framework. Versions before 1.6.43 are subject to stored cross-site scripting attacks: HTML input into tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade.

Scores

CVSS v3 6.2
EPSS 0.0057
EPSS Percentile 42.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

Details

CWE
CWE-79
Status published
Products (2)
sulu/sulu < 1.6.43
sulu/sulu 0 - 1.6.43 (Packagist)
Published Oct 21, 2021
Tracked Since Feb 18, 2026