Search criteria
10 vulnerabilities by galette
CVE-2025-58053 (GCVE-0-2025-58053)
Vulnerability from cvelistv5 – Published: 2025-12-19 16:26 – Updated: 2025-12-19 18:00
VLAI?
Title
Galette has a privilege escalation vulnerability
Summary
Galette is a membership management web application for non profit organizations. Prior to version 1.2.0, while updating any existing account with a self forged POST request, one can gain higher privileges. Version 1.2.0 fixes the issue.
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58053",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T17:25:11.178028Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T18:00:53.263Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "galette",
"vendor": "galette",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Galette is a membership management web application for non profit organizations. Prior to version 1.2.0, while updating any existing account with a self forged POST request, one can gain higher privileges. Version 1.2.0 fixes the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T16:26:00.148Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/galette/galette/security/advisories/GHSA-r7x8-6r56-498r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/galette/galette/security/advisories/GHSA-r7x8-6r56-498r"
}
],
"source": {
"advisory": "GHSA-r7x8-6r56-498r",
"discovery": "UNKNOWN"
},
"title": "Galette has a privilege escalation vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-58053",
"datePublished": "2025-12-19T16:26:00.148Z",
"dateReserved": "2025-08-22T14:30:32.221Z",
"dateUpdated": "2025-12-19T18:00:53.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58052 (GCVE-0-2025-58052)
Vulnerability from cvelistv5 – Published: 2025-12-19 16:24 – Updated: 2025-12-19 16:30
VLAI?
Title
Galette has groups managers access control bypass on Members
Summary
Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role can bypass intended restrictions allowing unauthorized access and changes despite role-based controls. Since it requires privileged access initially, exploitation is restricted to malicious insiders or compromised group managers accounts. Version 1.2.0 fixes the issue.
Severity ?
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58052",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T16:29:48.545488Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T16:30:00.570Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "galette",
"vendor": "galette",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.9.6, \u003c 1.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role can bypass intended restrictions allowing unauthorized access and changes despite role-based controls. Since it requires privileged access initially, exploitation is restricted to malicious insiders or compromised group managers accounts. Version 1.2.0 fixes the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2.1,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T16:24:10.982Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/galette/galette/security/advisories/GHSA-gp9g-gf56-fcxx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/galette/galette/security/advisories/GHSA-gp9g-gf56-fcxx"
}
],
"source": {
"advisory": "GHSA-gp9g-gf56-fcxx",
"discovery": "UNKNOWN"
},
"title": "Galette has groups managers access control bypass on Members"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-58052",
"datePublished": "2025-12-19T16:24:10.982Z",
"dateReserved": "2025-08-22T14:30:32.221Z",
"dateUpdated": "2025-12-19T16:30:00.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53922 (GCVE-0-2025-53922)
Vulnerability from cvelistv5 – Published: 2025-12-19 15:10 – Updated: 2025-12-19 15:25
VLAI?
Title
Galette has access control bypass
Summary
Galette is a membership management web application for non profit organizations. Starting in version 1.1.4 and prior to version 1.2.0, a user who is logged in as group manager may bypass intended restrictions on Contributions and Transactions. Version 1.2.0 fixes the issue.
Severity ?
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53922",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T15:25:11.809842Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T15:25:27.634Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "galette",
"vendor": "galette",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.1.4, \u003c 1.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Galette is a membership management web application for non profit organizations. Starting in version 1.1.4 and prior to version 1.2.0, a user who is logged in as group manager may bypass intended restrictions on Contributions and Transactions. Version 1.2.0 fixes the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 1.3,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T15:10:00.685Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/galette/galette/security/advisories/GHSA-5jp7-5c38-3pv6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/galette/galette/security/advisories/GHSA-5jp7-5c38-3pv6"
}
],
"source": {
"advisory": "GHSA-5jp7-5c38-3pv6",
"discovery": "UNKNOWN"
},
"title": "Galette has access control bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-53922",
"datePublished": "2025-12-19T15:10:00.685Z",
"dateReserved": "2025-07-14T17:23:35.258Z",
"dateUpdated": "2025-12-19T15:25:27.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48884 (GCVE-0-2025-48884)
Vulnerability from cvelistv5 – Published: 2025-11-04 20:44 – Updated: 2025-11-04 21:03
VLAI?
Title
Galette is vulnerable to XSS through Document Type
Summary
Galette is a membership management web application for non profit organizations. In versions 1.1.5.2 and below, Galette's Document Type is vulnerable to Cross-site Scripting. This issue is fixed in version 1.2.0.
Severity ?
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48884",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-04T21:03:31.777969Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T21:03:39.940Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "galette",
"vendor": "galette",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Galette is a membership management web application for non profit organizations. In versions 1.1.5.2 and below, Galette\u0027s Document Type is vulnerable to Cross-site Scripting. This issue is fixed in version 1.2.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T20:44:29.193Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/galette/galette/security/advisories/GHSA-3rc3-rc5x-vmr4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/galette/galette/security/advisories/GHSA-3rc3-rc5x-vmr4"
}
],
"source": {
"advisory": "GHSA-3rc3-rc5x-vmr4",
"discovery": "UNKNOWN"
},
"title": "Galette is vulnerable to XSS through Document Type"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-48884",
"datePublished": "2025-11-04T20:44:29.193Z",
"dateReserved": "2025-05-27T20:14:34.297Z",
"dateUpdated": "2025-11-04T21:03:39.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48076 (GCVE-0-2025-48076)
Vulnerability from cvelistv5 – Published: 2025-11-04 20:40 – Updated: 2025-11-04 21:04
VLAI?
Title
Galette is vulnerable to Cross-site Scripting
Summary
Galette is a membership management web application for non profit organizations. Versions 1.1.5.2 and below allow a user to edit a group name and insert an XSS payload. This issue is fixed in version 1.2.0.
Severity ?
CWE
- CWE-87 - Improper Neutralization of Alternate XSS Syntax
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48076",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-04T21:03:57.750206Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T21:04:06.991Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "galette",
"vendor": "galette",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Galette is a membership management web application for non profit organizations. Versions 1.1.5.2 and below allow a user to edit a group name and insert an XSS payload. This issue is fixed in version 1.2.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-87",
"description": "CWE-87: Improper Neutralization of Alternate XSS Syntax",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T20:40:09.121Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/galette/galette/security/advisories/GHSA-ccwq-mxx3-chvh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/galette/galette/security/advisories/GHSA-ccwq-mxx3-chvh"
}
],
"source": {
"advisory": "GHSA-ccwq-mxx3-chvh",
"discovery": "UNKNOWN"
},
"title": "Galette is vulnerable to Cross-site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-48076",
"datePublished": "2025-11-04T20:40:09.121Z",
"dateReserved": "2025-05-15T16:06:40.942Z",
"dateUpdated": "2025-11-04T21:04:06.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-24761 (GCVE-0-2024-24761)
Vulnerability from cvelistv5 – Published: 2024-03-06 17:25 – Updated: 2024-08-22 18:34
VLAI?
Title
Galette public pages accessibility restriction
Summary
Galette is a membership management web application for non profit organizations. Starting in version 1.0.0 and prior to version 1.0.2, public pages are per default restricted to only administrators and staff members. From configuration, it is possible to restrict to up-to-date members or to everyone. Version 1.0.2 fixes this issue.
Severity ?
7.5 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:11.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/galette/galette/security/advisories/GHSA-jrqg-mpwv-pxpv",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/galette/galette/security/advisories/GHSA-jrqg-mpwv-pxpv"
},
{
"name": "https://github.com/galette/galette/commit/a5c18bb9819b8da1b3ef58f3e79577083c657fbb",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/galette/galette/commit/a5c18bb9819b8da1b3ef58f3e79577083c657fbb"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:galette:galette:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "galette",
"vendor": "galette",
"versions": [
{
"lessThan": "1.0.2",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24761",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T18:33:34.142551Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T18:34:53.055Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "galette",
"vendor": "galette",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Galette is a membership management web application for non profit organizations. Starting in version 1.0.0 and prior to version 1.0.2, public pages are per default restricted to only administrators and staff members. From configuration, it is possible to restrict to up-to-date members or to everyone. Version 1.0.2 fixes this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-06T17:25:59.423Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/galette/galette/security/advisories/GHSA-jrqg-mpwv-pxpv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/galette/galette/security/advisories/GHSA-jrqg-mpwv-pxpv"
},
{
"name": "https://github.com/galette/galette/commit/a5c18bb9819b8da1b3ef58f3e79577083c657fbb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/galette/galette/commit/a5c18bb9819b8da1b3ef58f3e79577083c657fbb"
}
],
"source": {
"advisory": "GHSA-jrqg-mpwv-pxpv",
"discovery": "UNKNOWN"
},
"title": "Galette public pages accessibility restriction"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-24761",
"datePublished": "2024-03-06T17:25:59.423Z",
"dateReserved": "2024-01-29T20:51:26.011Z",
"dateUpdated": "2024-08-22T18:34:53.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41261 (GCVE-0-2021-41261)
Vulnerability from cvelistv5 – Published: 2021-12-16 18:10 – Updated: 2024-08-04 03:08
VLAI?
Title
Stored Cross-site Scripting in Galette
Summary
Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to stored cross site scripting attacks via the preferences footer. The preference footer can only be altered by a site admin. This issue has been resolved in the 0.9.6 release and all users are advised to upgrade. There are no known workarounds.
Severity ?
8.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:08:31.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/galette/galette/security/advisories/GHSA-28fg-cp22-6c33"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/galette/galette/commit/0d55bc7f420470e0dbca91ebe7899c592905cbc5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "galette",
"vendor": "galette",
"versions": [
{
"status": "affected",
"version": "\u003c 0.9.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to stored cross site scripting attacks via the preferences footer. The preference footer can only be altered by a site admin. This issue has been resolved in the 0.9.6 release and all users are advised to upgrade. There are no known workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-16T18:10:22",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/galette/galette/security/advisories/GHSA-28fg-cp22-6c33"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/galette/galette/commit/0d55bc7f420470e0dbca91ebe7899c592905cbc5"
}
],
"source": {
"advisory": "GHSA-28fg-cp22-6c33",
"discovery": "UNKNOWN"
},
"title": "Stored Cross-site Scripting in Galette",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-41261",
"STATE": "PUBLIC",
"TITLE": "Stored Cross-site Scripting in Galette"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "galette",
"version": {
"version_data": [
{
"version_value": "\u003c 0.9.6"
}
]
}
}
]
},
"vendor_name": "galette"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to stored cross site scripting attacks via the preferences footer. The preference footer can only be altered by a site admin. This issue has been resolved in the 0.9.6 release and all users are advised to upgrade. There are no known workarounds."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/galette/galette/security/advisories/GHSA-28fg-cp22-6c33",
"refsource": "CONFIRM",
"url": "https://github.com/galette/galette/security/advisories/GHSA-28fg-cp22-6c33"
},
{
"name": "https://github.com/galette/galette/commit/0d55bc7f420470e0dbca91ebe7899c592905cbc5",
"refsource": "MISC",
"url": "https://github.com/galette/galette/commit/0d55bc7f420470e0dbca91ebe7899c592905cbc5"
}
]
},
"source": {
"advisory": "GHSA-28fg-cp22-6c33",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-41261",
"datePublished": "2021-12-16T18:10:22",
"dateReserved": "2021-09-15T00:00:00",
"dateUpdated": "2024-08-04T03:08:31.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41262 (GCVE-0-2021-41262)
Vulnerability from cvelistv5 – Published: 2021-12-16 18:10 – Updated: 2024-08-04 03:08
VLAI?
Title
SQL Injection in Galette
Summary
Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to SQL injection attacks by users with "member" privilege. Users are advised to upgrade to version 0.9.6 as soon as possible. There are no known workarounds.
Severity ?
8.8 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:08:31.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/galette/galette/security/advisories/GHSA-936f-xvgq-fg74"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/galette/galette/commit/8e940641b5ed46c3f471332827df388ea00a85d3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "galette",
"vendor": "galette",
"versions": [
{
"status": "affected",
"version": "\u003c 0.9.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to SQL injection attacks by users with \"member\" privilege. Users are advised to upgrade to version 0.9.6 as soon as possible. There are no known workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-16T18:10:16",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/galette/galette/security/advisories/GHSA-936f-xvgq-fg74"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/galette/galette/commit/8e940641b5ed46c3f471332827df388ea00a85d3"
}
],
"source": {
"advisory": "GHSA-936f-xvgq-fg74",
"discovery": "UNKNOWN"
},
"title": "SQL Injection in Galette",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-41262",
"STATE": "PUBLIC",
"TITLE": "SQL Injection in Galette"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "galette",
"version": {
"version_data": [
{
"version_value": "\u003c 0.9.6"
}
]
}
}
]
},
"vendor_name": "galette"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to SQL injection attacks by users with \"member\" privilege. Users are advised to upgrade to version 0.9.6 as soon as possible. There are no known workarounds."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/galette/galette/security/advisories/GHSA-936f-xvgq-fg74",
"refsource": "CONFIRM",
"url": "https://github.com/galette/galette/security/advisories/GHSA-936f-xvgq-fg74"
},
{
"name": "https://github.com/galette/galette/commit/8e940641b5ed46c3f471332827df388ea00a85d3",
"refsource": "MISC",
"url": "https://github.com/galette/galette/commit/8e940641b5ed46c3f471332827df388ea00a85d3"
}
]
},
"source": {
"advisory": "GHSA-936f-xvgq-fg74",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-41262",
"datePublished": "2021-12-16T18:10:16",
"dateReserved": "2021-09-15T00:00:00",
"dateUpdated": "2024-08-04T03:08:31.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41260 (GCVE-0-2021-41260)
Vulnerability from cvelistv5 – Published: 2021-12-16 18:10 – Updated: 2024-08-04 03:08
VLAI?
Title
Missing CSRF checks in Galette
Summary
Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 do not check for Cross Site Request Forgery attacks. All users are advised to upgrade to 0.9.6 as soon as possible. There are no known workarounds for this issue.
Severity ?
8.2 (High)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:08:31.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/galette/galette/security/advisories/GHSA-hw28-c7px-xqm5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/galette/galette/commit/a5602bca2566f1be370631c3ab2d40feedd4b3ad"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "galette",
"vendor": "galette",
"versions": [
{
"status": "affected",
"version": "\u003c 0.9.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 do not check for Cross Site Request Forgery attacks. All users are advised to upgrade to 0.9.6 as soon as possible. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-16T18:10:10",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/galette/galette/security/advisories/GHSA-hw28-c7px-xqm5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/galette/galette/commit/a5602bca2566f1be370631c3ab2d40feedd4b3ad"
}
],
"source": {
"advisory": "GHSA-hw28-c7px-xqm5",
"discovery": "UNKNOWN"
},
"title": "Missing CSRF checks in Galette",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-41260",
"STATE": "PUBLIC",
"TITLE": "Missing CSRF checks in Galette"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "galette",
"version": {
"version_data": [
{
"version_value": "\u003c 0.9.6"
}
]
}
}
]
},
"vendor_name": "galette"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 do not check for Cross Site Request Forgery attacks. All users are advised to upgrade to 0.9.6 as soon as possible. There are no known workarounds for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/galette/galette/security/advisories/GHSA-hw28-c7px-xqm5",
"refsource": "CONFIRM",
"url": "https://github.com/galette/galette/security/advisories/GHSA-hw28-c7px-xqm5"
},
{
"name": "https://github.com/galette/galette/commit/a5602bca2566f1be370631c3ab2d40feedd4b3ad",
"refsource": "MISC",
"url": "https://github.com/galette/galette/commit/a5602bca2566f1be370631c3ab2d40feedd4b3ad"
}
]
},
"source": {
"advisory": "GHSA-hw28-c7px-xqm5",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-41260",
"datePublished": "2021-12-16T18:10:11",
"dateReserved": "2021-09-15T00:00:00",
"dateUpdated": "2024-08-04T03:08:31.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21319 (GCVE-0-2021-21319)
Vulnerability from cvelistv5 – Published: 2021-10-25 16:00 – Updated: 2024-08-03 18:09
VLAI?
Title
Several stored XSS
Summary
Galette is a membership management web application geared towards non profit organizations. In versions prior to 0.9.5, malicious javascript code can be stored to be displayed later on self subscription page. The self subscription feature can be disabled as a workaround (this is the default state). Malicious javascript code can be executed (not stored) on login and retrieve password pages. This issue is patched in version 0.9.5.
Severity ?
6.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:09:15.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/galette/galette/security/advisories/GHSA-vjc9-mj44-x59q"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/galette/galette/commit/514418da973ae5b84bf97f94bd288a41e8e3f0a6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/galette/galette/commit/8f3bdd9f7d0708466e011253064a867ca2b271a5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/galette/galette/commit/f54b2570615d38d0302e937079233e52c2d80995"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.galette.eu/issues/1535"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "galette",
"vendor": "galette",
"versions": [
{
"status": "affected",
"version": "\u003c 0.9.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Galette is a membership management web application geared towards non profit organizations. In versions prior to 0.9.5, malicious javascript code can be stored to be displayed later on self subscription page. The self subscription feature can be disabled as a workaround (this is the default state). Malicious javascript code can be executed (not stored) on login and retrieve password pages. This issue is patched in version 0.9.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-25T16:00:19",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/galette/galette/security/advisories/GHSA-vjc9-mj44-x59q"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/galette/galette/commit/514418da973ae5b84bf97f94bd288a41e8e3f0a6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/galette/galette/commit/8f3bdd9f7d0708466e011253064a867ca2b271a5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/galette/galette/commit/f54b2570615d38d0302e937079233e52c2d80995"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.galette.eu/issues/1535"
}
],
"source": {
"advisory": "GHSA-vjc9-mj44-x59q",
"discovery": "UNKNOWN"
},
"title": "Several stored XSS",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21319",
"STATE": "PUBLIC",
"TITLE": "Several stored XSS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "galette",
"version": {
"version_data": [
{
"version_value": "\u003c 0.9.5"
}
]
}
}
]
},
"vendor_name": "galette"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Galette is a membership management web application geared towards non profit organizations. In versions prior to 0.9.5, malicious javascript code can be stored to be displayed later on self subscription page. The self subscription feature can be disabled as a workaround (this is the default state). Malicious javascript code can be executed (not stored) on login and retrieve password pages. This issue is patched in version 0.9.5."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/galette/galette/security/advisories/GHSA-vjc9-mj44-x59q",
"refsource": "CONFIRM",
"url": "https://github.com/galette/galette/security/advisories/GHSA-vjc9-mj44-x59q"
},
{
"name": "https://github.com/galette/galette/commit/514418da973ae5b84bf97f94bd288a41e8e3f0a6",
"refsource": "MISC",
"url": "https://github.com/galette/galette/commit/514418da973ae5b84bf97f94bd288a41e8e3f0a6"
},
{
"name": "https://github.com/galette/galette/commit/8f3bdd9f7d0708466e011253064a867ca2b271a5",
"refsource": "MISC",
"url": "https://github.com/galette/galette/commit/8f3bdd9f7d0708466e011253064a867ca2b271a5"
},
{
"name": "https://github.com/galette/galette/commit/f54b2570615d38d0302e937079233e52c2d80995",
"refsource": "MISC",
"url": "https://github.com/galette/galette/commit/f54b2570615d38d0302e937079233e52c2d80995"
},
{
"name": "https://bugs.galette.eu/issues/1535",
"refsource": "MISC",
"url": "https://bugs.galette.eu/issues/1535"
}
]
},
"source": {
"advisory": "GHSA-vjc9-mj44-x59q",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-21319",
"datePublished": "2021-10-25T16:00:19",
"dateReserved": "2020-12-22T00:00:00",
"dateUpdated": "2024-08-03T18:09:15.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}