CVE-2021-41169
- EPSS 0.57%
- Veröffentlicht 21.10.2021 21:15:08
- Zuletzt bearbeitet 21.11.2024 06:25:39
Sulu is an open-source PHP content management system based on the Symfony framework. In versions before 1.6.43 are subject to stored cross site scripting attacks. HTML input into Tag names is not properly sanitized. Only admin users are allowed to cr...
CVE-2021-32737
- EPSS 0.67%
- Veröffentlicht 02.07.2021 18:15:09
- Zuletzt bearbeitet 21.11.2024 06:07:38
Sulu is an open-source PHP content management system based on the Symfony framework. In versions of Sulu prior to 1.6.41, it is possible for a logged in admin user to add a script injection (cross-site-scripting) in the collection title. The problem ...
CVE-2020-15132
- EPSS 1.11%
- Veröffentlicht 05.08.2020 21:15:12
- Zuletzt bearbeitet 21.11.2024 05:04:54
In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the "Forget password" feature on the login screen is used, Sulu asks the user for a username or email address. If the given string is not found, a response with a `400` error code is returned, a...