VYPR
Moderate severity · NVD Advisory · Published Apr 12, 2021 · Updated Apr 30, 2025

CVE-2021-25926

Description

SiCKRAGE versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to reflected cross-site scripting (XSS) because user input is not properly validated in the quicksearch feature. An attacker can therefore steal a user's session ID and masquerade as the victim, carrying out any action in that user's context.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package          Affected versions           Patched versions
sickrage (PyPI)  >= 9.3.54, < 10.0.11.dev2   10.0.11.dev2

Affected products

2
  • SiCKRAGE/SiCKRAGE (description)
  • ghsa-coords
    Range: >= 9.3.54, < 10.0.11.dev2
