GHSA-gm2x-6475-g9r8

Source

https://github.com/advisories/GHSA-gm2x-6475-g9r8

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/07/GHSA-gm2x-6475-g9r8/GHSA-gm2x-6475-g9r8.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-gm2x-6475-g9r8

Aliases

CVE-2021-32737

Related

CVE-2021-32737

Published

2021-07-02T18:32:18Z

Modified

2026-01-30T02:54:45.956408Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

XSS Injection in Media Collection Title was possible

Details

Impact

A logged in admin user was possible to add a script injection (XSS) in the collection title which was executed.

Workarounds

Manual patching the js files.

For more information

If you have any questions or comments about this advisory:'

Email us at security@sulu.io

Database specific

{
    "cwe_ids": [
        "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-07-02T18:03:48Z",
    "nvd_published_at": "2021-07-02T18:15:00Z",
    "severity": "MODERATE"
}

References

Affected packages

Packagist / sulu/sulu

Package

Name: sulu/sulu
Purl: pkg:composer/sulu/sulu

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.41

Affected versions

0.*

0.1.0

0.1.1

0.2.0

0.3.0

0.4.0

0.5.0

0.6.0

0.6.1

0.6.2

0.6.3

0.6.4

0.6.5

0.6.6

0.6.7

0.6.8

0.7.0

0.7.1

0.8.0

0.8.1

0.8.2

0.8.3

0.8.4

0.8.5

0.8.6

0.9.0

0.10.0

0.10.1

0.10.2

0.11.0

0.11.1

0.11.2

0.12.0

0.13.0

0.13.1

0.13.2

0.14.0

0.14.1

0.14.2

0.15.0

0.15.1

0.15.2

0.15.3

0.16.0

0.16.1

0.16.2

0.17.0-RC1

0.17.0-RC2

0.17.0

0.18.0

0.18.1

0.18.2

1.*

1.0.0-RC1

1.0.0-RC2

1.0.0-RC3

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.0.10

1.0.11

1.0.12

1.0.13

1.0.14

1.0.15

1.1.0-beta1

1.1.0-RC1

1.1.0-RC2

1.1.0

1.1.1

1.1.2

1.1.3

1.1.4

1.1.5

1.1.6

1.1.7

1.1.8

1.1.9

1.1.10

1.1.11

1.1.12

1.2.0-RC1

1.2.0-RC2

1.2.0-RC3

1.2.0-RC4

1.2.0

1.2.1

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.2.7

1.2.8

1.2.9

1.3.0-RC1

1.3.0-RC2

1.3.0-RC3

1.3.0

1.3.1

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.3.7

1.3.8

1.3.9

1.3.10

1.3.11

1.4.0-RC1

1.4.0-RC2

1.4.0

1.4.1

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.4.7

1.4.8

1.4.9

1.4.10

1.4.11

1.4.12

1.5.0-RC1

1.5.0-RC2

1.5.0-RC3

1.5.0

1.5.1

1.5.2

1.5.3

1.5.4

1.5.5

1.5.6

1.5.7

1.5.8

1.5.9

1.5.10

1.5.11

1.5.12

1.5.13

1.5.14

1.5.15

1.5.16

1.5.17

1.5.18

1.5.19

1.5.20

1.5.21

1.5.22

1.5.23

1.5.24

1.6.0-RC1

1.6.0

1.6.1

1.6.2

1.6.3

1.6.4

1.6.5

1.6.6

1.6.7

1.6.8

1.6.9

1.6.10

1.6.11

1.6.12

1.6.13

1.6.14

1.6.15

1.6.16

1.6.17

1.6.18

1.6.19

1.6.20

1.6.21

1.6.22

1.6.23

1.6.24

1.6.25

1.6.26

1.6.27

1.6.28

1.6.29

1.6.30

1.6.31

1.6.32

1.6.33

1.6.34

1.6.35

1.6.36

1.6.37

1.6.38

1.6.39

1.6.40

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/07/GHSA-gm2x-6475-g9r8/GHSA-gm2x-6475-g9r8.json"