in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user’s sensitive information.
{
"cpe": [
"cpe:2.3:a:sickrage:sickrage:*:*:*:*:*:*:*:*",
"cpe:2.3:a:sickrage:sickrage:10.0.11:-:*:*:*:*:*:*",
"cpe:2.3:a:sickrage:sickrage:10.0.11:dev1:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "4.2.0"
},
{
"last_affected": "10.0.11"
},
{
"introduced": "10.0.11-NA"
},
{
"last_affected": "10.0.11-NA"
},
{
"introduced": "10.0.11-dev1"
},
{
"last_affected": "10.0.11-dev1"
}
],
"source": [
"CPE_RANGE",
"CPE_STRING",
"REFERENCES"
]
}