GHSA-h58v-g3q6-q9fx
Suggest an improvement- Source
- https://github.com/advisories/GHSA-h58v-g3q6-q9fx
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-h58v-g3q6-q9fx/GHSA-h58v-g3q6-q9fx.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-h58v-g3q6-q9fx
- Aliases
- Published
- 2021-10-22T16:20:53Z
- Modified
- 2023-11-08T04:06:53.403114Z
- Severity
-
- 6.2 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N CVSS Calculator
- Summary
- Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in sulu/sulu
- Details
-
Impact
What kind of vulnerability is it? Who is impacted?
It is an issue when input HTML into the Tag name. The HTML is execute when the tag name is listed in the auto complete form. Only admin users are affected and only admin users can create tags.
Patches
Has the problem been patched? What versions should users upgrade to?
The problem is patched with Version 1.6.42.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
Create a custom request listener to avoid that this kind of tags are created.
References
Are there any links users can visit to find out more?
Currently not.
For more information
If you have any questions or comments about this advisory:
- Open an issue in sulu/sulu repository
- Email us at security@sulu.io
- Database specific
{ "nvd_published_at": "2021-10-21T21:15:00Z", "github_reviewed_at": "2021-10-21T21:33:34Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-79" ] }- References
Affected packages
Packagist / sulu/sulu
Package
- Name
- sulu/sulu
- Purl
- pkg:composer/sulu/sulu
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.6.43
Affected versions
0.*
0.1.0
0.1.1
0.2.0
0.3.0
0.4.0
0.5.0
0.6.0
0.6.1
0.6.2
0.6.3
0.6.4
0.6.5
0.6.6
0.6.7
0.6.8
0.7.0
0.7.1
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.8.5
0.8.6
0.9.0
0.10.0
0.10.1
0.10.2
0.11.0
0.11.1
0.11.2
0.12.0
0.13.0
0.13.1
0.13.2
0.14.0
0.14.1
0.14.2
0.15.0
0.15.1
0.15.2
0.15.3
0.16.0
0.16.1
0.16.2
0.17.0-RC1
0.17.0-RC2
0.17.0
0.18.0
0.18.1
0.18.2
1.*
1.0.0-RC1
1.0.0-RC2
1.0.0-RC3
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.0.10
1.0.11
1.0.12
1.0.13
1.0.14
1.0.15
1.1.0-beta1
1.1.0-RC1
1.1.0-RC2
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9
1.1.10
1.1.11
1.1.12
1.2.0-RC1
1.2.0-RC2
1.2.0-RC3
1.2.0-RC4
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9
1.3.0-RC1
1.3.0-RC2
1.3.0-RC3
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8
1.3.9
1.3.10
1.3.11
1.4.0-RC1
1.4.0-RC2
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.4.8
1.4.9
1.4.10
1.4.11
1.4.12
1.5.0-RC1
1.5.0-RC2
1.5.0-RC3
1.5.0
1.5.1
1.5.2
1.5.3
1.5.4
1.5.5
1.5.6
1.5.7
1.5.8
1.5.9
1.5.10
1.5.11
1.5.12
1.5.13
1.5.14
1.5.15
1.5.16
1.5.17
1.5.18
1.5.19
1.5.20
1.5.21
1.5.22
1.5.23
1.5.24
1.6.0-RC1
1.6.0
1.6.1
1.6.2
1.6.3
1.6.4
1.6.5
1.6.6
1.6.7
1.6.8
1.6.9
1.6.10
1.6.11
1.6.12
1.6.13
1.6.14
1.6.15
1.6.16
1.6.17
1.6.18
1.6.19
1.6.20
1.6.21
1.6.22
1.6.23
1.6.24
1.6.25
1.6.26
1.6.27
1.6.28
1.6.29
1.6.30
1.6.31
1.6.32
1.6.33
1.6.34
1.6.35
1.6.36
1.6.37
1.6.38
1.6.39
1.6.40
1.6.41
1.6.42