cvedb.io
CVE-2021-32737
HIGH · CVSS 8.4
EPSS exploitation probability: 0%
Published 2021-07-02T18:15:09.603 · Last modified 2026-06-17T03:53:31.820

Summary

Sulu is an open-source PHP content management system based on the Symfony framework. In versions of Sulu prior to 1.6.41, it is possible for a logged in admin user to add a script injection (cross-site-scripting) in the collection title. The problem is patched in version 1.6.41. As a workaround, one may manually patch the affected JavaScript files in lieu of updating.

Affected products

sulu — sulu

Does this affect you?

Add your gear to cvedb and we'll alert you only when sulu ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.