Candidate: CVE-2021-41261
PublicDate: 2021-12-16 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41261
 https://github.com/galette/galette/security/advisories/GHSA-28fg-cp22-6c33
 https://github.com/galette/galette/commit/0d55bc7f420470e0dbca91ebe7899c592905cbc5
Description:
 Galette is a membership management web application built for non profit
 organizations and released under GPLv3. Versions prior to 0.9.6 are subject
 to stored cross site scripting attacks via the preferences footer. The
 preference footer can only be altered by a site admin. This issue has been
 resolved in the 0.9.6 release and all users are advised to upgrade. There
 are no known workarounds.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N [4.8 MEDIUM]

Patches_galette:
upstream_galette: needs-triage
trusty_galette: ignored (out of standard support)
xenial_galette: ignored (out of standard support)