Moderate severity · NVD Advisory · Published Jul 2, 2021 · Updated Aug 3, 2024
XSS Injection in Media Collection Title was possible
CVE-2021-32737
Description
Sulu is an open-source PHP content management system based on the Symfony framework. In versions of Sulu prior to 1.6.41, a logged-in admin user can inject a script (cross-site scripting) through the collection title. The problem is patched in version 1.6.41. As a workaround, one may manually patch the affected JavaScript files in lieu of updating.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| sulu/sulu (Packagist) | < 1.6.41 | 1.6.41 |
Affected products: 1
Patches: 0
No patches discovered yet.
References
- github.com/advisories/GHSA-gm2x-6475-g9r8 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-32737 (ghsa, ADVISORY)
- github.com/sulu/sulu/releases/tag/1.6.41 (ghsa, x_refsource_MISC, WEB)
- github.com/sulu/sulu/security/advisories/GHSA-gm2x-6475-g9r8 (ghsa, x_refsource_CONFIRM, WEB)