CVE-2021-41169

MEDIUM
Published Oct 21, 2021 (4y ago) · Modified Jun 17, 2026 (2w ago)
4.8 CVSS 3.1

Description

Sulu is an open-source PHP content management system based on the Symfony framework. Versions before 1.6.43 are subject to stored cross-site scripting attacks: HTML input in tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade.

CVSS Details

Base Score: 4.8
Exploitability: 1.7
Impact: 2.7
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

Vendor  Product  Version  Range
sulu    sulu     *        <1.6.43

References 2

  • https://github.com/sulu/sulu/commit/20007ac70a3af3c9e53a6acb0ef8794b65642445
    Patch, Third Party Advisory
  • https://github.com/sulu/sulu/security/advisories/GHSA-h58v-g3q6-q9fx
    Third Party Advisory

Remediation

  • https://github.com/sulu/sulu/commit/20007ac70a3af3c9e53a6acb0ef8794b65642445
    Patch, Third Party Advisory