ghsa-rmp7-f2vp-3rq4
Vulnerability from github
Published
2021-04-20 16:31
Modified
2025-04-30 20:23
Summary
Cross-site scripting in SiCKRAGE
Details
In SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user’s sensitive information.
{ "affected": [ { "database_specific": { "last_known_affected_version_range": "\u003c= 10.0.11.dev1" }, "package": { "ecosystem": "PyPI", "name": "sickrage" }, "ranges": [ { "events": [ { "introduced": "4.2.0" }, { "fixed": "10.0.11.dev2" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2021-25925" ], "database_specific": { "cwe_ids": [ "CWE-79" ], "github_reviewed": true, "github_reviewed_at": "2021-04-13T20:56:03Z", "nvd_published_at": "2021-04-12T14:15:00Z", "severity": "MODERATE" }, "details": "in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user\u2019s sensitive information.", "id": "GHSA-rmp7-f2vp-3rq4", "modified": "2025-04-30T20:23:25Z", "published": "2021-04-20T16:31:54Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25925" }, { "type": "WEB", "url": "https://github.com/SiCKRAGE/SiCKRAGE/commit/9f42426727e16609ad3d1337f6637588b8ed28e4" }, { "type": "PACKAGE", "url": "https://github.com/SiCKRAGE/SiCKRAGE" }, { "type": "WEB", "url": "https://github.com/pypa/advisory-database/tree/main/vulns/sickrage/PYSEC-2021-147.yaml" }, { "type": "WEB", "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25925" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "type": "CVSS_V3" } ], "summary": "Cross-site scripting in SiCKRAGE" }
pysec-2021-147
Vulnerability from pysec
Published
2021-04-12 14:15
Modified
2021-08-27 03:22
Details
In SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user’s sensitive information.
Aliases
{ "affected": [ { "package": { "ecosystem": "PyPI", "name": "sickrage", "purl": "pkg:pypi/sickrage" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "9f42426727e16609ad3d1337f6637588b8ed28e4" } ], "repo": "https://github.com/SiCKRAGE/SiCKRAGE", "type": "GIT" }, { "events": [ { "introduced": "4.2.0" }, { "fixed": "10.0.12.dev1" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2021-25925", "GHSA-rmp7-f2vp-3rq4" ], "details": "in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user\u2019s sensitive information.", "id": "PYSEC-2021-147", "modified": "2021-08-27T03:22:21.507681Z", "published": "2021-04-12T14:15:00Z", "references": [ { "type": "FIX", "url": "https://github.com/SiCKRAGE/SiCKRAGE/commit/9f42426727e16609ad3d1337f6637588b8ed28e4" }, { "type": "WEB", "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25925" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-rmp7-f2vp-3rq4" } ] }
cve-2021-25925
Vulnerability from cvelistv5
Published
2021-04-12 13:48
Modified
2025-04-30 17:34
Summary
In SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user’s sensitive information.
References
URL | Tags
---|---
https://github.com/SiCKRAGE/SiCKRAGE/commit/9f42426727e16609ad3d1337f6637588b8ed28e4 | x_refsource_MISC
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25925 | x_refsource_MISC
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:11:28.489Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/SiCKRAGE/SiCKRAGE/commit/9f42426727e16609ad3d1337f6637588b8ed28e4" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25925" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2021-25925", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-30T17:32:32.724345Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-30T17:34:39.989Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "sickrage", "vendor": "n/a", "versions": [ { "status": "affected", "version": "4.2.0-10.0.11.dev1" } ] } ], "descriptions": [ { "lang": "en", "value": "in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly when processed by the server. 
Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user\u2019s sensitive information." } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-12T13:48:51.000Z", "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff", "shortName": "Mend" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/SiCKRAGE/SiCKRAGE/commit/9f42426727e16609ad3d1337f6637588b8ed28e4" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25925" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com", "ID": "CVE-2021-25925", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "sickrage", "version": { "version_data": [ { "version_value": "4.2.0-10.0.11.dev1" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user\u2019s sensitive information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/SiCKRAGE/SiCKRAGE/commit/9f42426727e16609ad3d1337f6637588b8ed28e4", "refsource": "MISC", "url": "https://github.com/SiCKRAGE/SiCKRAGE/commit/9f42426727e16609ad3d1337f6637588b8ed28e4" }, { "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25925", "refsource": "MISC", "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25925" } ] } } } }, "cveMetadata": { "assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff", "assignerShortName": "Mend", "cveId": "CVE-2021-25925", "datePublished": "2021-04-12T13:48:51.000Z", "dateReserved": "2021-01-22T00:00:00.000Z", "dateUpdated": "2025-04-30T17:34:39.989Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }