CVE-2021-41169 MEDIUM

CVE-2021-41169: Improper Neutralization HTML tags in sulu/sulu

Vendor Sulu
Product sulu
Weakness CWE-79 · XSS
Published October 21, 2021
Last update August 4, 2024
View on NVD All CVEs

CVSS base score

6.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

Sulu is an open-source PHP content management system based on the Symfony framework. In versions before 1.6.43 are subject to stored cross site scripting attacks. HTML input into Tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade.

Key dates

02Disclosure timeline

October 21, 2021 CVE published
August 4, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-56265 WordPress WooCommerce - PDF Vouchers plugin < 4.9.9 - Cross Site Scripting (XSS) vulnerability CVE-2025-24646 WordPress XML for Avito Plugin <= 2.5.2 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2026-2101 Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIAvpm Web Access from ENOVIAvpm Version 1 Release 16 through ENOVIAvpm Version 1 Release 19 CVE-2024-30440 WordPress Themify Event Post plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability CVE-2021-21084 Adobe Experience Manager stored cross-site scripting vulnerability in resource resolver factory could lead to arbitrary code execution