VDB
CVE-2021-21319
PUBLISHED
Galette is a membership management web application geared towards non-profit organizations. In versions prior to 0.9.5, malicious JavaScript code can be stored and later displayed on the self-subscription page (stored XSS). The self-subscription feature can be disabled as a workaround (this is the default state). Malicious JavaScript code can also be executed, but not stored, on the login and retrieve-password pages (reflected XSS). This issue is patched in version 0.9.5.
Risk Scores
EPSS Score: 0.72% (72.9th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | galette | 0, 0.8+dfsg-1, 0.8+dfsg-1ubuntu1 |
Exploit Intelligence
- https://github.com/galette/galette/security/advisories/GHSA-vjc9-mj44-x59q (circl)
- https://github.com/galette/galette/commit/514418da973ae5b84bf97f94bd288a41e8e3f0a6 (circl)
- https://github.com/galette/galette/commit/8f3bdd9f7d0708466e011253064a867ca2b271a5 (circl)
- https://github.com/galette/galette/commit/f54b2570615d38d0302e937079233e52c2d80995 (circl)
- https://bugs.galette.eu/issues/1535 (circl)
Timeline
- Oct 25, 2021 CVE Published
- Oct 26, 2021 EPSS score updated
- Dec 21, 2021 EPSS score updated
- Jan 6, 2022 EPSS score updated
- Feb 15, 2022 EPSS score updated
- Apr 1, 2022 EPSS score updated
- Apr 12, 2022 EPSS score updated
- Jun 7, 2022 EPSS score updated
- Aug 3, 2022 EPSS score updated
- Sep 28, 2022 EPSS score updated
- Jan 19, 2023 EPSS score updated
- Mar 7, 2023 EPSS score updated
References
- https://ubuntu.com/security/CVE-2021-21319 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-21319 third-party-advisory