admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-411xx/CVE-2021-41169.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

133 lines
4.1 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-41169",
"sourceIdentifier": "security-advisories@github.com",
"published": "2021-10-21T21:15:08.303",
"lastModified": "2021-10-27T15:41:05.333",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Sulu is an open-source PHP content management system based on the Symfony framework. In versions before 1.6.43 are subject to stored cross site scripting attacks. HTML input into Tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade."
},
{
"lang": "es",
"value": "Sulu es un sistema de administraci\u00f3n de contenidos PHP de c\u00f3digo abierto basado en el framework Symfony. En versiones anteriores a 1.6.43, est\u00e1 sujeto a ataques de tipo cross site scripting almacenados. La entrada de HTML en los nombres de las etiquetas no est\u00e1 saneada apropiadamente. S\u00f3lo usuarios administradores pueden crear etiquetas. Se aconseja a los usuarios que actualicen"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 4.0
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 3.5
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.6.43",
"matchCriteriaId": "D4D351AF-03E0-4B53-A95D-8F70BBC17799"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/sulu/sulu/commit/20007ac70a3af3c9e53a6acb0ef8794b65642445",
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-h58v-g3q6-q9fx",
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink