in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user’s sensitive information.
References
Link | Resource |
---|---|
https://github.com/SiCKRAGE/SiCKRAGE/commit/9f42426727e16609ad3d1337f6637588b8ed28e4 | Patch Third Party Advisory |
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25925 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Mend
Published: 2021-04-12T13:48:51
Updated: 2021-04-12T13:48:51
Reserved: 2021-01-22T00:00:00
Link: CVE-2021-25925
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-04-12T14:15:16.303
Modified: 2021-04-20T02:38:33.973
Link: CVE-2021-25925
JSON object: View
Redhat Information
No data.
CWE