Description
Galette is a membership management web application built for non-profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to stored cross-site scripting (XSS) attacks via the preferences footer. The preferences footer can only be altered by a site admin. This issue has been resolved in the 0.9.6 release and all users are advised to upgrade. There are no known workarounds.
References (2)
Core References
Third Party Advisory x_refsource_confirm
https://github.com/galette/galette/security/advisories/GHSA-28fg-cp22-6c33
Patch, Third Party Advisory x_refsource_misc
https://github.com/galette/galette/commit/0d55bc7f420470e0dbca91ebe7899c592905cbc5
Scores
CVSS v3
8.1
EPSS
0.0035
EPSS Percentile
57.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
Details
CWE
CWE-79
Status
published
Products (1)
galette/galette
< 0.9.6
Published
Dec 16, 2021
Tracked Since
Feb 18, 2026