CVE-2021-21319

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-21319
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21319.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-21319
Related
Published
2021-10-25T16:15:08Z
Modified
2025-01-15T01:47:29.718201Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Galette is a membership management web application geared towards non profit organizations. In versions prior to 0.9.5, malicious javascript code can be stored to be displayed later on self subscription page. The self subscription feature can be disabled as a workaround (this is the default state). Malicious javascript code can be executed (not stored) on login and retrieve password pages. This issue is patched in version 0.9.5.

References

Affected packages

Git / github.com/galette/galette

Affected ranges

Type
GIT
Repo
https://github.com/galette/galette
Events

Affected versions

0.*

0.7.0
0.7.0.1
0.7.0.2
0.7.1
0.7.1.1
0.7.1.2
0.7.1.3
0.7.1.4
0.7.1.5
0.7.1.6
0.7.1.7
0.7.2
0.7.2.1
0.7.2.2
0.7.2.3
0.7.2.4
0.7.2.5
0.7.2.6
0.7.2.7
0.7.2.8
0.7.2.9
0.7.3
0.7.3.1
0.7.3.2
0.7.4
0.7.4.1
0.7.4.2
0.7.4.3
0.7.4.4
0.7.4.5
0.7.5
0.7.5.1
0.7.5.2
0.7.5.3
0.7.5.4
0.7.5.5
0.7.6
0.7.6.1
0.7.7
0.7.8
0.8
0.8.1
0.8.2
0.8.2.1
0.8.2.2
0.8.2.3
0.8.3
0.8.3.1
0.8.3.2
0.8.3.3
0.8.3.4
0.9
0.9.1
0.9.1.1
0.9.1.2
0.9.1rc1
0.9.2
0.9.2.1
0.9.3
0.9.3.1
0.9.4
0.9.4.1
0.9.4.2
0.9rc1
0.9rc2
0.9rc3