CVE-2021-41169
6.2 MEDIUM
Sulu is an open-source PHP content management system based on the Symfony framework
Published: 2021-10-21 · Last updated: 2026-06-17
Severity and scoring
- CVSS: 6.2 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N
- CWE: CWE-79
Affected products
| Vendor | Product |
|---|---|
| sulu | sulu |
Description
Sulu is an open-source PHP content management system based on the Symfony framework. Versions before 1.6.43 are subject to stored cross-site scripting attacks. HTML input in tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2021-41169
- [Patch] https://github.com/sulu/sulu/commit/20007ac70a3af3c9e53a6acb0ef8794b65642445
- [Other] https://github.com/sulu/sulu/security/advisories/GHSA-h58v-g3q6-q9fx
Related CVEs
Same CWE
- CVE-2026-12425 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PowerSchool Employee Access ...
- CVE-2024-30476 — PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager (5.4 MEDIUM)
- CVE-2026-54198 — Unauthenticated Cross Site Scripting (XSS) in Media Library Assistant <= 3.35 versions (7.1 HIGH)
- CVE-2026-54191 — Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions (7.1 HIGH)
- CVE-2026-39437 — Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce <= 5.2.2 versions (7.1 HIGH)