CVE-2021-25925
MEDIUM5.4EPSS 0.18%Cross-site scripting in SiCKRAGE
發布日:2021/4/20修改日:2025/4/30
描述
in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user’s sensitive information.
受影響套件(2)
- PyPI/sickrage>= 4.2.0, < 10.0.11.dev2
- PyPI/sickragefrom 0, < 9f42426727e16609ad3d1337f6637588b8ed28e4 | >= 4.2.0, < 10.0.12.dev1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
參考連結(6)
- ADVISORYhttps://github.com/advisories/GHSA-rmp7-f2vp-3rq4
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-25925
- PATCHhttps://github.com/SiCKRAGE/SiCKRAGE
- WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/sickrage/PYSEC-2021-147.yaml
- WEBhttps://github.com/SiCKRAGE/SiCKRAGE/commit/9f42426727e16609ad3d1337f6637588b8ed28e4
- WEBhttps://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25925