Moderate severityNVD Advisory· Published Apr 12, 2021· Updated Apr 30, 2025

CVE-2021-25925

Description

in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user’s sensitive information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
sickragePyPI	>= 4.2.0, < 10.0.11.dev2	10.0.11.dev2

Affected products

SiCKRAGE/SiCKRAGEdescription
ghsa-coords
pkg:pypi/sickrage
Range: >= 4.2.0, < 10.0.11.dev2

Patches

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-rmp7-f2vp-3rq4ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2021-25925ghsaADVISORY
github.com/SiCKRAGE/SiCKRAGE/commit/9f42426727e16609ad3d1337f6637588b8ed28e4ghsax_refsource_MISCWEB
github.com/pypa/advisory-database/tree/main/vulns/sickrage/PYSEC-2021-147.yamlghsaWEB
www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25925ghsax_refsource_MISCWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000