Description
Sulu is an open-source PHP content management system based on the Symfony framework. Versions before 1.6.43 are subject to stored cross-site scripting attacks. HTML input into Tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade.
References (2)
Core References
Third Party Advisory x_refsource_confirm
https://github.com/sulu/sulu/security/advisories/GHSA-h58v-g3q6-q9fx
Patch, Third Party Advisory x_refsource_misc
https://github.com/sulu/sulu/commit/20007ac70a3af3c9e53a6acb0ef8794b65642445
Scores
CVSS v3
6.2
EPSS
0.0029
EPSS Percentile
52.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N
Details
CWE
CWE-79
Status
published
Products (2)
sulu/sulu
< 1.6.43
sulu/sulu
0 - 1.6.43 (Packagist)
Published
Oct 21, 2021
Tracked Since
Feb 18, 2026