Action not permitted
Modal body text goes here.
ghsa-x823-j7c4-vpc5
Vulnerability from github
Published
2021-04-20 16:31
Modified
2024-10-22 16:42
Severity ?
Summary
Cross-site scripting in sickrage
Details
In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly in the quicksearch feature. Therefore, an attacker can steal a user's sessionID to masquerade as a victim user, to carry out any actions in the context of the user.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 10.0.11.dev1"
},
"package": {
"ecosystem": "PyPI",
"name": "sickrage"
},
"ranges": [
{
"events": [
{
"introduced": "9.3.54"
},
{
"fixed": "10.0.11.dev2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-25926"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2021-04-13T20:57:46Z",
"nvd_published_at": "2021-04-12T14:15:00Z",
"severity": "MODERATE"
},
"details": "In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly in the `quicksearch` feature. Therefore, an attacker can steal a user\u0027s sessionID to masquerade as a victim user, to carry out any actions in the context of the user.",
"id": "GHSA-x823-j7c4-vpc5",
"modified": "2024-10-22T16:42:54Z",
"published": "2021-04-20T16:31:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25926"
},
{
"type": "WEB",
"url": "https://github.com/SiCKRAGE/SiCKRAGE/commit/9f42426727e16609ad3d1337f6637588b8ed28e4"
},
{
"type": "PACKAGE",
"url": "https://github.com/SiCKRAGE/SiCKRAGE"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/sickrage/PYSEC-2021-148.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Cross-site scripting in sickrage"
}
pysec-2021-148
Vulnerability from pysec
Published
2021-04-12 14:15
Modified
2021-08-27 03:22
Details
In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly in the quicksearch feature. Therefore, an attacker can steal a user's sessionID to masquerade as a victim user, to carry out any actions in the context of the user.
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "sickrage",
"purl": "pkg:pypi/sickrage"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9f42426727e16609ad3d1337f6637588b8ed28e4"
}
],
"repo": "https://github.com/SiCKRAGE/SiCKRAGE",
"type": "GIT"
},
{
"events": [
{
"introduced": "9.3.55"
},
{
"fixed": "10.0.12.dev1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"10.0.0",
"10.0.0.dev10",
"10.0.0.dev11",
"10.0.0.dev12",
"10.0.0.dev13",
"10.0.0.dev14",
"10.0.0.dev15",
"10.0.0.dev16",
"10.0.0.dev17",
"10.0.0.dev18",
"10.0.0.dev19",
"10.0.0.dev20",
"10.0.0.dev21",
"10.0.0.dev22",
"10.0.0.dev23",
"10.0.0.dev24",
"10.0.0.dev25",
"10.0.0.dev26",
"10.0.0.dev27",
"10.0.0.dev28",
"10.0.0.dev29",
"10.0.0.dev3",
"10.0.0.dev30",
"10.0.0.dev31",
"10.0.0.dev33",
"10.0.0.dev34",
"10.0.0.dev35",
"10.0.0.dev4",
"10.0.0.dev5",
"10.0.0.dev6",
"10.0.0.dev7",
"10.0.0.dev8",
"10.0.0.dev9",
"10.0.1",
"10.0.1.dev1",
"10.0.10",
"10.0.10.dev1",
"10.0.10.dev2",
"10.0.11",
"10.0.11.dev1",
"10.0.11.dev2",
"10.0.2",
"10.0.2.dev1",
"10.0.3",
"10.0.3.dev1",
"10.0.4",
"10.0.4.dev1",
"10.0.4.dev2",
"10.0.4.dev3",
"10.0.4.dev4",
"10.0.5",
"10.0.5.dev1",
"10.0.6",
"10.0.6.dev1",
"10.0.7",
"10.0.7.dev1",
"10.0.7.dev2",
"10.0.8",
"10.0.8.dev1",
"10.0.8.dev2",
"10.0.8.dev3",
"10.0.9",
"10.0.9.dev2",
"9.3.55",
"9.3.56",
"9.3.56.dev1",
"9.3.56.dev10",
"9.3.56.dev11",
"9.3.56.dev12",
"9.3.56.dev13",
"9.3.56.dev14",
"9.3.56.dev15",
"9.3.56.dev16",
"9.3.56.dev17",
"9.3.56.dev18",
"9.3.56.dev19",
"9.3.56.dev2",
"9.3.56.dev20",
"9.3.56.dev21",
"9.3.56.dev22",
"9.3.56.dev23",
"9.3.56.dev24",
"9.3.56.dev25",
"9.3.56.dev26",
"9.3.56.dev27",
"9.3.56.dev28",
"9.3.56.dev29",
"9.3.56.dev3",
"9.3.56.dev4",
"9.3.56.dev5",
"9.3.56.dev6",
"9.3.56.dev7",
"9.3.56.dev8",
"9.3.56.dev9",
"9.3.57",
"9.3.58",
"9.3.58.dev1",
"9.3.58.dev2",
"9.3.59",
"9.3.59.dev1",
"9.3.59.dev2",
"9.3.59.dev3",
"9.3.60",
"9.3.60.dev1",
"9.3.61",
"9.3.62",
"9.3.63",
"9.3.64",
"9.3.65",
"9.3.65.dev1",
"9.3.65.dev2",
"9.3.65.dev3",
"9.3.66",
"9.3.66.dev1",
"9.3.66.dev2",
"9.3.67",
"9.3.68",
"9.3.69",
"9.3.70",
"9.3.70.dev1",
"9.3.70.dev2",
"9.3.71",
"9.3.72",
"9.3.72.dev1",
"9.3.73",
"9.3.74",
"9.3.74.dev1",
"9.3.75",
"9.3.76",
"9.3.77",
"9.3.78",
"9.3.79",
"9.3.79.dev1",
"9.3.79.dev10",
"9.3.79.dev2",
"9.3.79.dev3",
"9.3.79.dev4",
"9.3.79.dev5",
"9.3.79.dev6",
"9.3.79.dev7",
"9.3.79.dev8",
"9.3.79.dev9",
"9.3.80",
"9.3.80.dev1",
"9.3.80.dev2",
"9.3.80.dev3",
"9.3.80.dev4",
"9.3.80.dev5",
"9.3.80.dev6",
"9.3.81",
"9.3.81.dev1",
"9.3.82",
"9.3.83",
"9.3.83.dev1",
"9.3.84",
"9.3.85",
"9.3.86",
"9.3.87",
"9.3.88",
"9.3.89",
"9.3.90",
"9.3.91",
"9.3.92",
"9.3.93",
"9.3.94",
"9.3.95",
"9.3.96",
"9.3.97",
"9.3.98",
"9.3.99",
"9.4.1",
"9.4.10",
"9.4.100",
"9.4.101",
"9.4.102",
"9.4.103",
"9.4.104",
"9.4.105",
"9.4.106",
"9.4.106.dev1",
"9.4.106.dev2",
"9.4.106.dev3",
"9.4.106.dev4",
"9.4.106.dev5",
"9.4.106.dev6",
"9.4.107",
"9.4.108",
"9.4.109",
"9.4.11",
"9.4.110",
"9.4.111",
"9.4.113",
"9.4.114",
"9.4.115",
"9.4.116",
"9.4.117",
"9.4.118",
"9.4.119",
"9.4.12",
"9.4.120",
"9.4.120.dev1",
"9.4.121.dev1",
"9.4.122.dev1",
"9.4.123",
"9.4.123.dev1",
"9.4.124",
"9.4.124.dev2",
"9.4.13",
"9.4.130",
"9.4.131",
"9.4.131.dev1",
"9.4.132",
"9.4.132.dev1",
"9.4.133",
"9.4.133.dev1",
"9.4.134",
"9.4.134.dev1",
"9.4.134.dev2",
"9.4.134.dev3",
"9.4.134.dev4",
"9.4.134.dev5",
"9.4.134.dev6",
"9.4.134.dev7",
"9.4.135",
"9.4.136",
"9.4.137",
"9.4.137.dev1",
"9.4.138",
"9.4.138.dev1",
"9.4.139",
"9.4.139.dev1",
"9.4.139.dev2",
"9.4.14",
"9.4.141",
"9.4.142",
"9.4.143",
"9.4.143.dev1",
"9.4.144",
"9.4.144.dev1",
"9.4.145",
"9.4.145.dev1",
"9.4.145.dev2",
"9.4.146",
"9.4.146.dev1",
"9.4.147",
"9.4.147.dev1",
"9.4.148",
"9.4.148.dev1",
"9.4.149",
"9.4.149.dev1",
"9.4.15",
"9.4.150",
"9.4.150.dev1",
"9.4.151",
"9.4.151.dev1",
"9.4.152",
"9.4.152.dev1",
"9.4.153",
"9.4.153.dev1",
"9.4.154",
"9.4.154.dev1",
"9.4.155",
"9.4.155.dev1",
"9.4.156",
"9.4.156.dev1",
"9.4.157",
"9.4.157.dev1",
"9.4.158",
"9.4.158.dev1",
"9.4.159",
"9.4.159.dev1",
"9.4.16",
"9.4.160",
"9.4.160.dev1",
"9.4.161",
"9.4.161.dev1",
"9.4.162.dev1",
"9.4.163",
"9.4.164",
"9.4.164.dev1",
"9.4.164.dev2",
"9.4.165",
"9.4.165.dev1",
"9.4.166",
"9.4.166.dev1",
"9.4.167",
"9.4.167.dev1",
"9.4.168",
"9.4.168.dev1",
"9.4.168.dev2",
"9.4.169",
"9.4.169.dev1",
"9.4.169.dev2",
"9.4.17",
"9.4.170",
"9.4.171",
"9.4.171.dev1",
"9.4.172",
"9.4.172.dev1",
"9.4.173",
"9.4.173.dev1",
"9.4.174",
"9.4.174.dev1",
"9.4.175",
"9.4.175.dev1",
"9.4.176",
"9.4.177",
"9.4.178",
"9.4.178.dev1",
"9.4.178.dev15",
"9.4.178.dev16",
"9.4.178.dev17",
"9.4.178.dev2",
"9.4.178.dev3",
"9.4.178.dev4",
"9.4.178.dev5",
"9.4.178.dev6",
"9.4.178.dev7",
"9.4.178.dev8",
"9.4.179",
"9.4.179.dev1",
"9.4.18",
"9.4.181",
"9.4.182.dev1",
"9.4.182.dev2",
"9.4.183",
"9.4.184.dev1",
"9.4.184.dev4",
"9.4.184.dev5",
"9.4.184.dev6",
"9.4.184.dev8",
"9.4.184.dev9",
"9.4.186",
"9.4.186.dev1",
"9.4.187",
"9.4.187.dev5",
"9.4.188",
"9.4.188.dev1",
"9.4.189",
"9.4.189.dev1",
"9.4.189.dev2",
"9.4.189.dev3",
"9.4.19",
"9.4.190",
"9.4.190.dev1",
"9.4.190.dev2",
"9.4.191",
"9.4.191.dev1",
"9.4.191.dev2",
"9.4.192",
"9.4.192.dev1",
"9.4.192.dev2",
"9.4.192.dev3",
"9.4.193",
"9.4.193.dev1",
"9.4.193.dev2",
"9.4.194",
"9.4.194.dev1",
"9.4.194.dev2",
"9.4.194.dev3",
"9.4.194.dev4",
"9.4.194.dev5",
"9.4.194.dev6",
"9.4.195",
"9.4.195.dev1",
"9.4.196",
"9.4.196.dev1",
"9.4.197",
"9.4.197.dev1",
"9.4.197.dev3",
"9.4.197.dev4",
"9.4.197.dev5",
"9.4.198",
"9.4.198.dev1",
"9.4.199",
"9.4.199.dev1",
"9.4.2",
"9.4.20",
"9.4.200",
"9.4.200.dev1",
"9.4.200.dev10",
"9.4.200.dev3",
"9.4.200.dev4",
"9.4.200.dev5",
"9.4.200.dev6",
"9.4.200.dev7",
"9.4.200.dev8",
"9.4.200.dev9",
"9.4.201",
"9.4.202",
"9.4.202.dev10",
"9.4.202.dev11",
"9.4.202.dev12",
"9.4.202.dev13",
"9.4.202.dev14",
"9.4.202.dev15",
"9.4.202.dev16",
"9.4.202.dev17",
"9.4.202.dev18",
"9.4.202.dev2",
"9.4.202.dev20",
"9.4.202.dev21",
"9.4.202.dev22",
"9.4.202.dev23",
"9.4.202.dev24",
"9.4.202.dev25",
"9.4.202.dev26",
"9.4.202.dev27",
"9.4.202.dev28",
"9.4.202.dev29",
"9.4.202.dev3",
"9.4.202.dev30",
"9.4.202.dev31",
"9.4.202.dev33",
"9.4.202.dev34",
"9.4.202.dev35",
"9.4.202.dev36",
"9.4.202.dev4",
"9.4.202.dev5",
"9.4.202.dev6",
"9.4.202.dev7",
"9.4.202.dev8",
"9.4.202.dev9",
"9.4.203",
"9.4.203.dev1",
"9.4.204",
"9.4.204.dev1",
"9.4.205",
"9.4.205.dev1",
"9.4.205.dev2",
"9.4.205.dev3",
"9.4.205.dev4",
"9.4.205.dev5",
"9.4.206",
"9.4.206.dev1",
"9.4.207",
"9.4.207.dev1",
"9.4.207.dev2",
"9.4.208",
"9.4.208.dev1",
"9.4.208.dev2",
"9.4.208.dev3",
"9.4.208.dev4",
"9.4.208.dev5",
"9.4.209",
"9.4.209.dev1",
"9.4.21",
"9.4.210",
"9.4.210.dev1",
"9.4.211",
"9.4.211.dev1",
"9.4.211.dev2",
"9.4.212",
"9.4.212.dev1",
"9.4.212.dev10",
"9.4.212.dev11",
"9.4.212.dev12",
"9.4.212.dev13",
"9.4.212.dev14",
"9.4.212.dev15",
"9.4.212.dev16",
"9.4.212.dev17",
"9.4.212.dev18",
"9.4.212.dev19",
"9.4.212.dev2",
"9.4.212.dev20",
"9.4.212.dev21",
"9.4.212.dev22",
"9.4.212.dev23",
"9.4.212.dev24",
"9.4.212.dev25",
"9.4.212.dev26",
"9.4.212.dev28",
"9.4.212.dev29",
"9.4.212.dev3",
"9.4.212.dev30",
"9.4.212.dev31",
"9.4.212.dev32",
"9.4.212.dev33",
"9.4.212.dev34",
"9.4.212.dev35",
"9.4.212.dev36",
"9.4.212.dev37",
"9.4.212.dev38",
"9.4.212.dev39",
"9.4.212.dev4",
"9.4.212.dev40",
"9.4.212.dev41",
"9.4.212.dev42",
"9.4.212.dev43",
"9.4.212.dev44",
"9.4.212.dev45",
"9.4.212.dev46",
"9.4.212.dev47",
"9.4.212.dev48",
"9.4.212.dev49",
"9.4.212.dev5",
"9.4.212.dev50",
"9.4.212.dev51",
"9.4.212.dev52",
"9.4.212.dev6",
"9.4.212.dev7",
"9.4.212.dev8",
"9.4.212.dev9",
"9.4.213",
"9.4.213.dev1",
"9.4.214",
"9.4.214.dev3",
"9.4.214.dev4",
"9.4.214.dev5",
"9.4.214.dev6",
"9.4.214.dev7",
"9.4.215",
"9.4.215.dev1",
"9.4.216",
"9.4.216.dev1",
"9.4.216.dev2",
"9.4.216.dev3",
"9.4.216.dev4",
"9.4.216.dev5",
"9.4.216.dev6",
"9.4.217",
"9.4.217.dev1",
"9.4.218",
"9.4.218.dev1",
"9.4.219",
"9.4.219.dev1",
"9.4.219.dev2",
"9.4.219.dev3",
"9.4.219.dev4",
"9.4.219.dev5",
"9.4.219.dev6",
"9.4.22",
"9.4.220",
"9.4.220.dev1",
"9.4.221",
"9.4.221.dev1",
"9.4.222",
"9.4.222.dev1",
"9.4.223",
"9.4.223.dev1",
"9.4.224.dev1",
"9.4.224.dev2",
"9.4.224.dev3",
"9.4.224.dev4",
"9.4.224.dev5",
"9.4.224.dev6",
"9.4.224.dev7",
"9.4.224.dev8",
"9.4.23",
"9.4.24",
"9.4.25",
"9.4.26",
"9.4.27",
"9.4.28",
"9.4.29",
"9.4.29.dev1",
"9.4.29.dev2",
"9.4.3",
"9.4.30",
"9.4.30.dev1",
"9.4.31",
"9.4.31.dev1",
"9.4.31.dev2",
"9.4.31.dev3",
"9.4.31.dev4",
"9.4.31.dev5",
"9.4.32",
"9.4.34",
"9.4.35",
"9.4.36",
"9.4.36.dev1",
"9.4.36.dev2",
"9.4.36.dev3",
"9.4.38",
"9.4.39",
"9.4.4",
"9.4.40",
"9.4.41",
"9.4.41.dev1",
"9.4.43",
"9.4.44",
"9.4.45",
"9.4.46",
"9.4.47",
"9.4.48",
"9.4.48.dev1",
"9.4.48.dev2",
"9.4.48.dev3",
"9.4.48.dev4",
"9.4.48.dev5",
"9.4.48.dev6",
"9.4.48.dev7",
"9.4.48.dev8",
"9.4.48.dev9",
"9.4.49",
"9.4.5",
"9.4.50",
"9.4.51",
"9.4.52",
"9.4.53",
"9.4.55",
"9.4.56",
"9.4.56.dev1",
"9.4.56.dev2",
"9.4.56.dev3",
"9.4.56.dev4",
"9.4.56.dev5",
"9.4.57",
"9.4.58",
"9.4.58.dev1",
"9.4.59",
"9.4.59.dev1",
"9.4.59.dev3",
"9.4.6",
"9.4.61",
"9.4.62",
"9.4.62.dev1",
"9.4.63",
"9.4.65",
"9.4.66",
"9.4.68",
"9.4.69",
"9.4.69.dev1",
"9.4.7",
"9.4.70",
"9.4.70.dev1",
"9.4.71",
"9.4.72",
"9.4.73",
"9.4.74",
"9.4.74.dev1",
"9.4.74.dev2",
"9.4.75",
"9.4.76",
"9.4.77",
"9.4.78",
"9.4.79",
"9.4.8",
"9.4.80",
"9.4.81",
"9.4.82",
"9.4.83",
"9.4.84",
"9.4.84.dev2",
"9.4.85.dev10",
"9.4.85.dev11",
"9.4.85.dev12",
"9.4.85.dev13",
"9.4.85.dev14",
"9.4.85.dev15",
"9.4.85.dev16",
"9.4.85.dev17",
"9.4.85.dev18",
"9.4.85.dev19",
"9.4.85.dev2",
"9.4.85.dev20",
"9.4.85.dev21",
"9.4.85.dev22",
"9.4.85.dev23",
"9.4.85.dev24",
"9.4.85.dev25",
"9.4.85.dev26",
"9.4.85.dev27",
"9.4.85.dev28",
"9.4.85.dev29",
"9.4.85.dev3",
"9.4.85.dev30",
"9.4.85.dev31",
"9.4.85.dev35",
"9.4.85.dev36",
"9.4.85.dev37",
"9.4.85.dev4",
"9.4.85.dev5",
"9.4.85.dev6",
"9.4.85.dev7",
"9.4.85.dev8",
"9.4.85.dev9",
"9.4.87.dev1",
"9.4.87.dev2",
"9.4.87.dev3",
"9.4.87.dev4",
"9.4.87.dev5",
"9.4.87.dev6",
"9.4.87.dev7",
"9.4.87.dev8",
"9.4.87.dev9",
"9.4.88.dev2",
"9.4.88.dev3",
"9.4.88.dev4",
"9.4.88.dev5",
"9.4.88.dev6",
"9.4.9",
"9.4.92.dev1",
"9.4.96",
"9.4.96.dev1",
"9.4.96.dev2",
"9.4.97",
"9.4.97.dev1",
"9.4.98",
"9.4.99"
]
}
],
"aliases": [
"CVE-2021-25926",
"GHSA-x823-j7c4-vpc5"
],
"details": "In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly in the `quicksearch` feature. Therefore, an attacker can steal a user\u0027s sessionID to masquerade as a victim user, to carry out any actions in the context of the user.",
"id": "PYSEC-2021-148",
"modified": "2021-08-27T03:22:21.656706Z",
"published": "2021-04-12T14:15:00Z",
"references": [
{
"type": "FIX",
"url": "https://github.com/SiCKRAGE/SiCKRAGE/commit/9f42426727e16609ad3d1337f6637588b8ed28e4"
},
{
"type": "WEB",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25926,"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-x823-j7c4-vpc5"
}
]
}
cve-2021-25926
Vulnerability from cvelistv5
Published
2021-04-12 13:45
Modified
2025-04-30 17:34
Severity ?
EPSS score ?
Summary
In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly in the `quicksearch` feature. Therefore, an attacker can steal a user's sessionID to masquerade as a victim user, to carry out any actions in the context of the user.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25926%2C | x_refsource_MISC | |
| https://github.com/SiCKRAGE/SiCKRAGE/commit/9f42426727e16609ad3d1337f6637588b8ed28e4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:28.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25926%2C"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/SiCKRAGE/SiCKRAGE/commit/9f42426727e16609ad3d1337f6637588b8ed28e4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-25926",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T17:32:24.540361Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T17:34:46.041Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "sickrage",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "9.3.54.dev1-10.0.11.dev1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly in the `quicksearch` feature. Therefore, an attacker can steal a user\u0027s sessionID to masquerade as a victim user, to carry out any actions in the context of the user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-12T13:45:57.000Z",
"orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"shortName": "Mend"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25926%2C"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SiCKRAGE/SiCKRAGE/commit/9f42426727e16609ad3d1337f6637588b8ed28e4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"ID": "CVE-2021-25926",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "sickrage",
"version": {
"version_data": [
{
"version_value": "9.3.54.dev1-10.0.11.dev1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly in the `quicksearch` feature. Therefore, an attacker can steal a user\u0027s sessionID to masquerade as a victim user, to carry out any actions in the context of the user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25926,",
"refsource": "MISC",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25926,"
},
{
"name": "https://github.com/SiCKRAGE/SiCKRAGE/commit/9f42426727e16609ad3d1337f6637588b8ed28e4",
"refsource": "MISC",
"url": "https://github.com/SiCKRAGE/SiCKRAGE/commit/9f42426727e16609ad3d1337f6637588b8ed28e4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"assignerShortName": "Mend",
"cveId": "CVE-2021-25926",
"datePublished": "2021-04-12T13:45:57.000Z",
"dateReserved": "2021-01-22T00:00:00.000Z",
"dateUpdated": "2025-04-30T17:34:46.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.