PT-2021-23143 · Sulu · Sulu
Alexander-Schranz · Published 2021-10-21 · Updated 2021-10-27
CVE-2021-41169 · CVSS v3.1 6.2 (Medium) · Vector AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Sulu versions prior to 1.6.43
Description
The issue is a stored cross-site scripting vulnerability caused by improper sanitization of HTML entered as a tag name. The stored HTML is executed when the tag name is listed in the auto-complete form. Only admin users are affected, as they are the only ones allowed to create tags.
Recommendations
For versions prior to 1.6.43, upgrade to version 1.6.43 or later to resolve the issue.
As a temporary workaround, consider creating a custom request listener that prevents the creation of such tags until the patch is applied.
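The rendering flaw and the workaround, modelled in an added JavaScript example that is not Sulu's code: an autocomplete list built by concatenating stored tag names beside a version that escapes them, and a tag-name check of the kind a custom request listener could apply at creation time (the sample tag names and the allowed character set are assumptions).

```javascript
// Added illustration, not Sulu's code: how a stored tag name carrying
// markup becomes script when listed in an autocomplete, and two defences.

// Constructed sample of stored tag names; the last one carries markup.
const STORED_TAGS = ['news', 'press release', '<script>x</script>'];

// Vulnerable pattern: the tag name is concatenated into HTML unchanged,
// so any markup stored in it is parsed and executed by the admin browser.
function renderSuggestionsUnsafe(tags) {
  return '<ul>' + tags.map((t) => `<li>${t}</li>`).join('') + '</ul>';
}

// Output-side fix: HTML-escape every tag name before it reaches the markup.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

function renderSuggestionsSafe(tags) {
  return '<ul>' + tags.map((t) => `<li>${escapeHtml(t)}</li>`).join('') + '</ul>';
}

// Input-side stopgap, mirroring a request listener that refuses to create
// tags whose names contain markup. Assumption: letters, digits, spaces and
// the characters _ . - cover legitimate tag names; everything else is refused.
const TAG_NAME_RE = /^[\p{L}\p{N} _.-]{1,100}$/u;

function isAcceptableTagName(name) {
  return typeof name === 'string' && TAG_NAME_RE.test(name);
}

// Returns what each renderer emits for the sample, plus the names the
// input-side check would have refused at creation time.
function demo(tags = STORED_TAGS) {
  return {
    unsafe: renderSuggestionsUnsafe(tags),
    safe: renderSuggestionsSafe(tags),
    rejected: tags.filter((t) => !isAcceptableTagName(t)),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```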
Fix
XSS
Affected Products
Sulu