SB2021102156 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Sulu




Published: October 21, 2021
Updated: May 12, 2026

Security Bulletin ID: SB2021102156
CSH Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (CVE-ID: CVE-2021-41169)

The vulnerability allows a remote user to execute arbitrary script in an administrator's browser.

The vulnerability exists due to improper neutralization of script-related HTML tags in the tag autocomplete feature when tag names are listed in the autocomplete form. A remote user can create a tag with crafted HTML content to execute arbitrary script in an administrator's browser.

Only administrator users can create tags, and the issue is triggered when the crafted tag name is displayed by the autocomplete functionality.
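The class of flaw described above, shown as an added example that is not Sulu's code: an autocomplete list built by string concatenation next to one that encodes tag names at output, plus a check for stored tag names that already contain markup. All function names are hypothetical and the tag names are constructed sample data.

```javascript
// Added illustration; not taken from the Sulu code base.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five HTML metacharacters in a single pass (no double-encoding of '&').
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Case-insensitive substring match, as an autocomplete box would do.
function matchTags(tagNames, query) {
  const q = query.toLowerCase();
  return tagNames.filter((name) => name.toLowerCase().includes(q));
}

// Unsafe pattern: the stored tag name is placed into markup unchanged,
// so any HTML in the name becomes part of the page.
function renderSuggestionsUnsafe(tagNames, query) {
  return matchTags(tagNames, query)
    .map((name) => `<li class="suggestion">${name}</li>`)
    .join('');
}

// Hardened pattern: the name is encoded at the point of output,
// so it is displayed as text regardless of what was stored.
function renderSuggestionsSafe(tagNames, query) {
  return matchTags(tagNames, query)
    .map((name) => `<li class="suggestion">${escapeHtml(name)}</li>`)
    .join('');
}

// Audit helper: list stored tag names that contain angle brackets,
// which legitimate tag names rarely need.
function findSuspiciousTagNames(tagNames) {
  return tagNames.filter((name) => /[<>]/.test(name));
}

// Constructed sample data: two ordinary tags and one containing markup.
const storedTags = ['news', 'events', 'new<script>/* constructed marker */</script>'];

console.log('unsafe:', renderSuggestionsUnsafe(storedTags, 'new'));
console.log('safe:  ', renderSuggestionsSafe(storedTags, 'new'));
console.log('review:', findSuspiciousTagNames(storedTags));
```

In a DOM context, assigning the name through `textContent` rather than `innerHTML` gives the same result as the encoding step.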


Remediation

Install the update from the vendor's website.