{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T16:23:37.374","vulnerabilities":[{"cve":{"id":"CVE-2021-41169","sourceIdentifier":"security-advisories@github.com","published":"2021-10-21T21:15:08.303","lastModified":"2024-11-21T06:25:39.590","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Sulu is an open-source PHP content management system based on the Symfony framework. In versions before 1.6.43 are subject to stored cross site scripting attacks. HTML input into Tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade."},{"lang":"es","value":"Sulu es un sistema de administración de contenidos PHP de código abierto basado en el framework Symfony. En versiones anteriores a 1.6.43, está sujeto a ataques de tipo cross site scripting almacenados. La entrada de HTML en los nombres de las etiquetas no está saneada apropiadamente. Sólo usuarios administradores pueden crear etiquetas. Se aconseja a los usuarios que actualicen"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":4.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*","versionEndExcluding":"1.6.43","matchCriteriaId":"D4D351AF-03E0-4B53-A95D-8F70BBC17799"}]}]}],"references":[{"url":"https://github.com/sulu/sulu/commit/20007ac70a3af3c9e53a6acb0ef8794b65642445","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/sulu/sulu/security/advisories/GHSA-h58v-g3q6-q9fx","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/sulu/sulu/commit/20007ac70a3af3c9e53a6acb0ef8794b65642445","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/sulu/sulu/security/advisories/GHSA-h58v-g3q6-q9fx","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}