CVE-2021-32737

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-32737

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32737.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-32737

Aliases

GHSA-gm2x-6475-g9r8

Related

GHSA-gm2x-6475-g9r8

Published

2021-07-02T18:15:09.603Z

Modified

2026-03-17T23:29:21.028993Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Sulu is an open-source PHP content management system based on the Symfony framework. In versions of Sulu prior to 1.6.41, it is possible for a logged in admin user to add a script injection (cross-site-scripting) in the collection title. The problem is patched in version 1.6.41. As a workaround, one may manually patch the affected JavaScript files in lieu of updating.

References

Affected packages

Git / github.com/sulu/sulu

Affected ranges

Type

GIT

Repo

https://github.com/sulu/sulu

Events

Introduced

Fixed

9a569c43076f60dab0407f21a862bea76f23b3ae

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.6.41"
        }
    ]
}

Affected versions

0.*

0.1.0

0.1.1

0.10.0

0.10.1

0.11.0

0.11.1

0.11.2

0.12.0

0.13.0

0.13.1

0.13.2

0.14.0

0.14.1

0.14.2

0.15.0

0.15.1

0.15.2

0.15.3

0.16.0

0.16.1

0.16.2

0.17.0

0.17.0-RC1

0.17.0-RC2

0.18.0

0.18.1

0.18.2

0.2.0

0.3.0

0.4.0

0.5.0

0.6.0

0.6.1

0.6.2

0.6.3

0.6.4

0.6.5

0.6.6

0.6.7

0.6.8

0.7.0

0.7.1

0.8.0

0.8.1

0.8.2

0.8.3

0.8.4

0.8.5

0.9.0

1.*

1.0.0

1.0.0-RC1

1.0.0-RC2

1.0.0-RC3

1.0.1

1.0.10

1.0.11

1.0.12

1.0.13

1.0.14

1.0.15

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.1.0

1.1.1

1.1.10

1.1.11

1.1.12

1.1.2

1.1.3

1.1.4

1.1.5

1.1.6

1.1.7

1.1.8

1.1.9

1.2.0

1.2.0-RC1

1.2.0-RC2

1.2.0-RC3

1.2.0-RC4

1.2.1

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.2.7

1.3.0

1.3.0-RC1

1.3.0-RC2

1.3.0-RC3

1.3.1

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.3.7

1.3.8

1.4.0

1.4.0-RC1

1.4.0-RC2

1.4.1

1.4.10

1.4.11

1.4.12

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.4.7

1.4.8

1.4.9

1.5.0

1.5.0-RC1

1.5.0-RC2

1.5.0-RC3

1.5.1

1.5.10

1.5.11

1.5.12

1.5.13

1.5.14

1.5.15

1.5.16

1.5.17

1.5.18

1.5.19

1.5.2

1.5.20

1.5.21

1.5.22

1.5.23

1.5.24

1.5.3

1.5.4

1.5.5

1.5.6

1.5.7

1.5.8

1.5.9

1.6.0

1.6.0-RC1

1.6.1

1.6.10

1.6.11

1.6.12

1.6.13

1.6.14

1.6.15

1.6.16

1.6.17

1.6.18

1.6.19

1.6.2

1.6.20

1.6.21

1.6.22

1.6.23

1.6.24

1.6.25

1.6.26

1.6.27

1.6.28

1.6.29

1.6.3

1.6.30

1.6.31

1.6.32

1.6.33

1.6.34

1.6.35

1.6.36

1.6.37

1.6.38

1.6.39

1.6.4

1.6.40

1.6.5

1.6.6

1.6.7

1.6.8

1.6.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32737.json"