PT-2021-16856 · Sickrage · Sickrage

Published 2021-04-12 · Updated 2024-02-09 · CVE-2021-25926

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: SiCKRAGE versions 9.3.54.dev1 to 10.0.11.dev1

Description: The quicksearch feature does not properly validate or encode the user-supplied search term before reflecting it into the HTML response, which results in reflected cross-site scripting (XSS). An attacker who gets an authenticated user to open a crafted link can execute script in that user's browser within the application's origin, read the session identifier if it is exposed to script (a session cookie without the HttpOnly flag), and perform actions in the user's context, effectively masquerading as the victim.

Recommendations: Update to a SiCKRAGE build that contains the fix (see the Fix link; the affected range ends at 10.0.11.dev1). Where updating is not immediately possible, disable the quicksearch feature until the patch can be applied, and confirm that the session cookie is set with the HttpOnly flag so an injected script cannot read it directly.
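The pattern described above, as an added example that is not SiCKRAGE's code: a quicksearch-style handler that concatenates the raw search term into a text node and into a quoted attribute (the vulnerable shape), the same handler with context-appropriate HTML escaping, and a log check that flags exploitation attempts against the endpoint. The path /quicksearch, the parameter name term, the HTML fragment and the access-log lines are assumptions constructed for the example; only the bug class comes from the advisory.

```python
"""Added illustration of the reflected-XSS pattern in a quicksearch-style
endpoint, its hardened equivalent, and an access-log check.

Not SiCKRAGE's code. The path /quicksearch, the parameter name 'term', the
HTML fragment and the log lines below are assumptions constructed for this
example.
"""
import re
from html import escape
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed probe payloads, one per HTML context the term lands in.
PROBE_TEXT = "<script>alert(document.cookie)</script>"
PROBE_ATTR = '" onfocus="alert(1)" autofocus="'


def term_from_url(url: str) -> str:
    """Pull the search term out of a request URL (assumed parameter 'term')."""
    return parse_qs(urlsplit(url).query).get("term", [""])[0]


def render_quicksearch(term: str, hardened: bool) -> str:
    """Render the results fragment.

    hardened=False reproduces the vulnerable shape: the raw term is
    concatenated into a text node and into a double-quoted attribute.
    hardened=True applies html.escape(..., quote=True) first, which encodes
    < > & " and ' so the value cannot break out of either context.
    """
    value = escape(term, quote=True) if hardened else term
    return (
        f"<h1>Results for: {value}</h1>\n"
        f'<input type="text" name="term" value="{value}">'
    )


def handle_quicksearch(url: str, hardened: bool) -> str:
    """Simulate the request/response round trip for a quicksearch URL."""
    return render_quicksearch(term_from_url(url), hardened)


# --- Detection side: find exploitation attempts in access logs --------------

_REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')
_SUSPICIOUS = ("<", ">", "javascript:", "onerror=", "onfocus=")


def suspicious_quicksearch_requests(log_lines):
    """Return the log lines whose decoded quicksearch query carries XSS markers.

    The query string is percent-decoded before matching so that an encoded
    %3Cscript%3E is caught as well as a literal <script>.
    """
    hits = []
    for line in log_lines:
        m = _REQUEST_RE.search(line)
        if not m:
            continue
        path, _, query = m.group(1).partition("?")
        if "quicksearch" not in path.lower():  # assumed endpoint path
            continue
        decoded = unquote_plus(query).lower()
        if any(marker in decoded for marker in _SUSPICIOUS):
            hits.append(line)
    return hits


# Constructed access-log sample: one benign search, two probes, one other page.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Apr/2021:10:00:01 +0000] "GET /quicksearch?term=archer HTTP/1.1" 200 812',
    '198.51.100.7 - - [12/Apr/2021:10:00:09 +0000] "GET /quicksearch?term=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E HTTP/1.1" 200 901',
    '198.51.100.7 - - [12/Apr/2021:10:00:15 +0000] "GET /quicksearch?term=%22+onfocus%3D%22alert(1)%22+autofocus%3D%22 HTTP/1.1" 200 903',
    '198.51.100.7 - - [12/Apr/2021:10:01:02 +0000] "GET /home/displayShow?show=1 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    url = "http://sickrage.example/quicksearch?term=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E"
    print(handle_quicksearch(url, hardened=False))
    print(handle_quicksearch(url, hardened=True))
    for hit in suspicious_quicksearch_requests(SAMPLE_LOG):
        print("SUSPICIOUS:", hit)
```

The attribute probe matters as much as the script-tag one: a fix that only strips `<script>` still lets a term break out of `value="..."` and attach an event handler, which is why the hardened version escapes the quote characters too. Note also that `document.cookie` in the probe only yields the session identifier when the cookie lacks HttpOnly; with the flag set, the attacker is reduced to acting in the victim's context rather than taking the session elsewhere.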

Exploit · Fix · XSS

Related Identifiers

CVE-2021-25926
GHSA-X823-J7C4-VPC5
PYSEC-2021-148

Affected Products

Sickrage