CVE-2021-25926

Cross-site Scripting in pypi/sickrage

Identifier

CVE-2021-25926

Package Slug

pypi/sickrage

Vulnerability

Cross-site Scripting

Description

SiCKRAGE is vulnerable to reflected cross-site scripting (XSS) because user input is not properly validated in the quicksearch feature. An attacker can therefore steal a user's session ID and masquerade as the victim, carrying out any action in that user's context.

Affected Versions

All versions starting from 9.3.54 up to 10.0.11

Solution

Unfortunately, there is no solution available yet.

Last Modified

2021-04-21
