Vulnerability Details CVE-2021-25926
In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly in the `quicksearch` feature. Therefore, an attacker can steal a user's sessionID to masquerade as a victim user, to carry out any actions in the context of the user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.4%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://github.com/SiCKRAGE/SiCKRAGE/commit/9f42426727e16609ad3d1337f6637588b8ed28e4
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25926%2C
- https://github.com/SiCKRAGE/SiCKRAGE/commit/9f42426727e16609ad3d1337f6637588b8ed28e4
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25926%2C
Products affected by CVE-2021-25926
-
cpe:2.3:a:sickrage:sickrage:10.0.0
-
cpe:2.3:a:sickrage:sickrage:10.0.1
-
cpe:2.3:a:sickrage:sickrage:10.0.10
-
cpe:2.3:a:sickrage:sickrage:10.0.11
-
cpe:2.3:a:sickrage:sickrage:10.0.2
-
cpe:2.3:a:sickrage:sickrage:10.0.3
-
cpe:2.3:a:sickrage:sickrage:10.0.4
-
cpe:2.3:a:sickrage:sickrage:10.0.5
-
cpe:2.3:a:sickrage:sickrage:10.0.6
-
cpe:2.3:a:sickrage:sickrage:10.0.7
-
cpe:2.3:a:sickrage:sickrage:10.0.8
-
cpe:2.3:a:sickrage:sickrage:10.0.9
-
cpe:2.3:a:sickrage:sickrage:9.3.54
-
cpe:2.3:a:sickrage:sickrage:9.3.55
-
cpe:2.3:a:sickrage:sickrage:9.3.56
-
cpe:2.3:a:sickrage:sickrage:9.3.57
-
cpe:2.3:a:sickrage:sickrage:9.3.58
-
cpe:2.3:a:sickrage:sickrage:9.3.59
-
cpe:2.3:a:sickrage:sickrage:9.3.60
-
cpe:2.3:a:sickrage:sickrage:9.3.61
-
cpe:2.3:a:sickrage:sickrage:9.3.62
-
cpe:2.3:a:sickrage:sickrage:9.3.63
-
cpe:2.3:a:sickrage:sickrage:9.3.64
-
cpe:2.3:a:sickrage:sickrage:9.3.65
-
cpe:2.3:a:sickrage:sickrage:9.3.66
-
cpe:2.3:a:sickrage:sickrage:9.3.67
-
cpe:2.3:a:sickrage:sickrage:9.3.68
-
cpe:2.3:a:sickrage:sickrage:9.3.69
-
cpe:2.3:a:sickrage:sickrage:9.3.70
-
cpe:2.3:a:sickrage:sickrage:9.3.71
-
cpe:2.3:a:sickrage:sickrage:9.3.72
-
cpe:2.3:a:sickrage:sickrage:9.3.73
-
cpe:2.3:a:sickrage:sickrage:9.3.74
-
cpe:2.3:a:sickrage:sickrage:9.3.75
-
cpe:2.3:a:sickrage:sickrage:9.3.76
-
cpe:2.3:a:sickrage:sickrage:9.3.77
-
cpe:2.3:a:sickrage:sickrage:9.3.78
-
cpe:2.3:a:sickrage:sickrage:9.3.79
-
cpe:2.3:a:sickrage:sickrage:9.3.80
-
cpe:2.3:a:sickrage:sickrage:9.3.81
-
cpe:2.3:a:sickrage:sickrage:9.3.82
-
cpe:2.3:a:sickrage:sickrage:9.3.83
-
cpe:2.3:a:sickrage:sickrage:9.3.84
-
cpe:2.3:a:sickrage:sickrage:9.3.85
-
cpe:2.3:a:sickrage:sickrage:9.3.86
-
cpe:2.3:a:sickrage:sickrage:9.3.87
-
cpe:2.3:a:sickrage:sickrage:9.3.88
-
cpe:2.3:a:sickrage:sickrage:9.3.89
-
cpe:2.3:a:sickrage:sickrage:9.3.90
-
cpe:2.3:a:sickrage:sickrage:9.3.91
-
cpe:2.3:a:sickrage:sickrage:9.3.92
-
cpe:2.3:a:sickrage:sickrage:9.3.93
-
cpe:2.3:a:sickrage:sickrage:9.3.94
-
cpe:2.3:a:sickrage:sickrage:9.3.95
-
cpe:2.3:a:sickrage:sickrage:9.3.96
-
cpe:2.3:a:sickrage:sickrage:9.3.97
-
cpe:2.3:a:sickrage:sickrage:9.3.98
-
cpe:2.3:a:sickrage:sickrage:9.3.99
-
cpe:2.3:a:sickrage:sickrage:9.4.1
-
cpe:2.3:a:sickrage:sickrage:9.4.10
-
cpe:2.3:a:sickrage:sickrage:9.4.100
-
cpe:2.3:a:sickrage:sickrage:9.4.101
-
cpe:2.3:a:sickrage:sickrage:9.4.102
-
cpe:2.3:a:sickrage:sickrage:9.4.103
-
cpe:2.3:a:sickrage:sickrage:9.4.104
-
cpe:2.3:a:sickrage:sickrage:9.4.105
-
cpe:2.3:a:sickrage:sickrage:9.4.106
-
cpe:2.3:a:sickrage:sickrage:9.4.107
-
cpe:2.3:a:sickrage:sickrage:9.4.108
-
cpe:2.3:a:sickrage:sickrage:9.4.109
-
cpe:2.3:a:sickrage:sickrage:9.4.11
-
cpe:2.3:a:sickrage:sickrage:9.4.110
-
cpe:2.3:a:sickrage:sickrage:9.4.111
-
cpe:2.3:a:sickrage:sickrage:9.4.113
-
cpe:2.3:a:sickrage:sickrage:9.4.114
-
cpe:2.3:a:sickrage:sickrage:9.4.115
-
cpe:2.3:a:sickrage:sickrage:9.4.116
-
cpe:2.3:a:sickrage:sickrage:9.4.117
-
cpe:2.3:a:sickrage:sickrage:9.4.118
-
cpe:2.3:a:sickrage:sickrage:9.4.119
-
cpe:2.3:a:sickrage:sickrage:9.4.12
-
cpe:2.3:a:sickrage:sickrage:9.4.120
-
cpe:2.3:a:sickrage:sickrage:9.4.121
-
cpe:2.3:a:sickrage:sickrage:9.4.122
-
cpe:2.3:a:sickrage:sickrage:9.4.123
-
cpe:2.3:a:sickrage:sickrage:9.4.124
-
cpe:2.3:a:sickrage:sickrage:9.4.125
-
cpe:2.3:a:sickrage:sickrage:9.4.126
-
cpe:2.3:a:sickrage:sickrage:9.4.127
-
cpe:2.3:a:sickrage:sickrage:9.4.128
-
cpe:2.3:a:sickrage:sickrage:9.4.129
-
cpe:2.3:a:sickrage:sickrage:9.4.13
-
cpe:2.3:a:sickrage:sickrage:9.4.130
-
cpe:2.3:a:sickrage:sickrage:9.4.131
-
cpe:2.3:a:sickrage:sickrage:9.4.132
-
cpe:2.3:a:sickrage:sickrage:9.4.133
-
cpe:2.3:a:sickrage:sickrage:9.4.134
-
cpe:2.3:a:sickrage:sickrage:9.4.135
-
cpe:2.3:a:sickrage:sickrage:9.4.136
-
cpe:2.3:a:sickrage:sickrage:9.4.137
-
cpe:2.3:a:sickrage:sickrage:9.4.138
-
cpe:2.3:a:sickrage:sickrage:9.4.139
-
cpe:2.3:a:sickrage:sickrage:9.4.14
-
cpe:2.3:a:sickrage:sickrage:9.4.140
-
cpe:2.3:a:sickrage:sickrage:9.4.141
-
cpe:2.3:a:sickrage:sickrage:9.4.142
-
cpe:2.3:a:sickrage:sickrage:9.4.143
-
cpe:2.3:a:sickrage:sickrage:9.4.144
-
cpe:2.3:a:sickrage:sickrage:9.4.145
-
cpe:2.3:a:sickrage:sickrage:9.4.146
-
cpe:2.3:a:sickrage:sickrage:9.4.147
-
cpe:2.3:a:sickrage:sickrage:9.4.148
-
cpe:2.3:a:sickrage:sickrage:9.4.149
-
cpe:2.3:a:sickrage:sickrage:9.4.15
-
cpe:2.3:a:sickrage:sickrage:9.4.150
-
cpe:2.3:a:sickrage:sickrage:9.4.151
-
cpe:2.3:a:sickrage:sickrage:9.4.152
-
cpe:2.3:a:sickrage:sickrage:9.4.153
-
cpe:2.3:a:sickrage:sickrage:9.4.154
-
cpe:2.3:a:sickrage:sickrage:9.4.155
-
cpe:2.3:a:sickrage:sickrage:9.4.156
-
cpe:2.3:a:sickrage:sickrage:9.4.157
-
cpe:2.3:a:sickrage:sickrage:9.4.158
-
cpe:2.3:a:sickrage:sickrage:9.4.159
-
cpe:2.3:a:sickrage:sickrage:9.4.16
-
cpe:2.3:a:sickrage:sickrage:9.4.160
-
cpe:2.3:a:sickrage:sickrage:9.4.161
-
cpe:2.3:a:sickrage:sickrage:9.4.162
-
cpe:2.3:a:sickrage:sickrage:9.4.163
-
cpe:2.3:a:sickrage:sickrage:9.4.164
-
cpe:2.3:a:sickrage:sickrage:9.4.165
-
cpe:2.3:a:sickrage:sickrage:9.4.166
-
cpe:2.3:a:sickrage:sickrage:9.4.167
-
cpe:2.3:a:sickrage:sickrage:9.4.168
-
cpe:2.3:a:sickrage:sickrage:9.4.169
-
cpe:2.3:a:sickrage:sickrage:9.4.17
-
cpe:2.3:a:sickrage:sickrage:9.4.170
-
cpe:2.3:a:sickrage:sickrage:9.4.171
-
cpe:2.3:a:sickrage:sickrage:9.4.172
-
cpe:2.3:a:sickrage:sickrage:9.4.173
-
cpe:2.3:a:sickrage:sickrage:9.4.174
-
cpe:2.3:a:sickrage:sickrage:9.4.175
-
cpe:2.3:a:sickrage:sickrage:9.4.176
-
cpe:2.3:a:sickrage:sickrage:9.4.177
-
cpe:2.3:a:sickrage:sickrage:9.4.178
-
cpe:2.3:a:sickrage:sickrage:9.4.179
-
cpe:2.3:a:sickrage:sickrage:9.4.18
-
cpe:2.3:a:sickrage:sickrage:9.4.180
-
cpe:2.3:a:sickrage:sickrage:9.4.181
-
cpe:2.3:a:sickrage:sickrage:9.4.182
-
cpe:2.3:a:sickrage:sickrage:9.4.183
-
cpe:2.3:a:sickrage:sickrage:9.4.184
-
cpe:2.3:a:sickrage:sickrage:9.4.185
-
cpe:2.3:a:sickrage:sickrage:9.4.186
-
cpe:2.3:a:sickrage:sickrage:9.4.187
-
cpe:2.3:a:sickrage:sickrage:9.4.188
-
cpe:2.3:a:sickrage:sickrage:9.4.189
-
cpe:2.3:a:sickrage:sickrage:9.4.19
-
cpe:2.3:a:sickrage:sickrage:9.4.190
-
cpe:2.3:a:sickrage:sickrage:9.4.191
-
cpe:2.3:a:sickrage:sickrage:9.4.192
-
cpe:2.3:a:sickrage:sickrage:9.4.193
-
cpe:2.3:a:sickrage:sickrage:9.4.194
-
cpe:2.3:a:sickrage:sickrage:9.4.195
-
cpe:2.3:a:sickrage:sickrage:9.4.196
-
cpe:2.3:a:sickrage:sickrage:9.4.197
-
cpe:2.3:a:sickrage:sickrage:9.4.198
-
cpe:2.3:a:sickrage:sickrage:9.4.199
-
cpe:2.3:a:sickrage:sickrage:9.4.2
-
cpe:2.3:a:sickrage:sickrage:9.4.20
-
cpe:2.3:a:sickrage:sickrage:9.4.200
-
cpe:2.3:a:sickrage:sickrage:9.4.201
-
cpe:2.3:a:sickrage:sickrage:9.4.202
-
cpe:2.3:a:sickrage:sickrage:9.4.203
-
cpe:2.3:a:sickrage:sickrage:9.4.204
-
cpe:2.3:a:sickrage:sickrage:9.4.205
-
cpe:2.3:a:sickrage:sickrage:9.4.206
-
cpe:2.3:a:sickrage:sickrage:9.4.207
-
cpe:2.3:a:sickrage:sickrage:9.4.208
-
cpe:2.3:a:sickrage:sickrage:9.4.209
-
cpe:2.3:a:sickrage:sickrage:9.4.21
-
cpe:2.3:a:sickrage:sickrage:9.4.210
-
cpe:2.3:a:sickrage:sickrage:9.4.211
-
cpe:2.3:a:sickrage:sickrage:9.4.212
-
cpe:2.3:a:sickrage:sickrage:9.4.213
-
cpe:2.3:a:sickrage:sickrage:9.4.214
-
cpe:2.3:a:sickrage:sickrage:9.4.215
-
cpe:2.3:a:sickrage:sickrage:9.4.216
-
cpe:2.3:a:sickrage:sickrage:9.4.217
-
cpe:2.3:a:sickrage:sickrage:9.4.218
-
cpe:2.3:a:sickrage:sickrage:9.4.219
-
cpe:2.3:a:sickrage:sickrage:9.4.22
-
cpe:2.3:a:sickrage:sickrage:9.4.220
-
cpe:2.3:a:sickrage:sickrage:9.4.221
-
cpe:2.3:a:sickrage:sickrage:9.4.222
-
cpe:2.3:a:sickrage:sickrage:9.4.223
-
cpe:2.3:a:sickrage:sickrage:9.4.224
-
cpe:2.3:a:sickrage:sickrage:9.4.23
-
cpe:2.3:a:sickrage:sickrage:9.4.24
-
cpe:2.3:a:sickrage:sickrage:9.4.25
-
cpe:2.3:a:sickrage:sickrage:9.4.26
-
cpe:2.3:a:sickrage:sickrage:9.4.27
-
cpe:2.3:a:sickrage:sickrage:9.4.28
-
cpe:2.3:a:sickrage:sickrage:9.4.29
-
cpe:2.3:a:sickrage:sickrage:9.4.3
-
cpe:2.3:a:sickrage:sickrage:9.4.30
-
cpe:2.3:a:sickrage:sickrage:9.4.31
-
cpe:2.3:a:sickrage:sickrage:9.4.32
-
cpe:2.3:a:sickrage:sickrage:9.4.34
-
cpe:2.3:a:sickrage:sickrage:9.4.35
-
cpe:2.3:a:sickrage:sickrage:9.4.36
-
cpe:2.3:a:sickrage:sickrage:9.4.37
-
cpe:2.3:a:sickrage:sickrage:9.4.38
-
cpe:2.3:a:sickrage:sickrage:9.4.39
-
cpe:2.3:a:sickrage:sickrage:9.4.4
-
cpe:2.3:a:sickrage:sickrage:9.4.40
-
cpe:2.3:a:sickrage:sickrage:9.4.41
-
cpe:2.3:a:sickrage:sickrage:9.4.43
-
cpe:2.3:a:sickrage:sickrage:9.4.44
-
cpe:2.3:a:sickrage:sickrage:9.4.45
-
cpe:2.3:a:sickrage:sickrage:9.4.46
-
cpe:2.3:a:sickrage:sickrage:9.4.47
-
cpe:2.3:a:sickrage:sickrage:9.4.48
-
cpe:2.3:a:sickrage:sickrage:9.4.49
-
cpe:2.3:a:sickrage:sickrage:9.4.5
-
cpe:2.3:a:sickrage:sickrage:9.4.50
-
cpe:2.3:a:sickrage:sickrage:9.4.51
-
cpe:2.3:a:sickrage:sickrage:9.4.52
-
cpe:2.3:a:sickrage:sickrage:9.4.53
-
cpe:2.3:a:sickrage:sickrage:9.4.54
-
cpe:2.3:a:sickrage:sickrage:9.4.55
-
cpe:2.3:a:sickrage:sickrage:9.4.56
-
cpe:2.3:a:sickrage:sickrage:9.4.57
-
cpe:2.3:a:sickrage:sickrage:9.4.58
-
cpe:2.3:a:sickrage:sickrage:9.4.59
-
cpe:2.3:a:sickrage:sickrage:9.4.6
-
cpe:2.3:a:sickrage:sickrage:9.4.61
-
cpe:2.3:a:sickrage:sickrage:9.4.62
-
cpe:2.3:a:sickrage:sickrage:9.4.63
-
cpe:2.3:a:sickrage:sickrage:9.4.65
-
cpe:2.3:a:sickrage:sickrage:9.4.66
-
cpe:2.3:a:sickrage:sickrage:9.4.68
-
cpe:2.3:a:sickrage:sickrage:9.4.69
-
cpe:2.3:a:sickrage:sickrage:9.4.7
-
cpe:2.3:a:sickrage:sickrage:9.4.70
-
cpe:2.3:a:sickrage:sickrage:9.4.71
-
cpe:2.3:a:sickrage:sickrage:9.4.72
-
cpe:2.3:a:sickrage:sickrage:9.4.73
-
cpe:2.3:a:sickrage:sickrage:9.4.74
-
cpe:2.3:a:sickrage:sickrage:9.4.75
-
cpe:2.3:a:sickrage:sickrage:9.4.76
-
cpe:2.3:a:sickrage:sickrage:9.4.77
-
cpe:2.3:a:sickrage:sickrage:9.4.78
-
cpe:2.3:a:sickrage:sickrage:9.4.79
-
cpe:2.3:a:sickrage:sickrage:9.4.8
-
cpe:2.3:a:sickrage:sickrage:9.4.80
-
cpe:2.3:a:sickrage:sickrage:9.4.81
-
cpe:2.3:a:sickrage:sickrage:9.4.82
-
cpe:2.3:a:sickrage:sickrage:9.4.83
-
cpe:2.3:a:sickrage:sickrage:9.4.84
-
cpe:2.3:a:sickrage:sickrage:9.4.85
-
cpe:2.3:a:sickrage:sickrage:9.4.86
-
cpe:2.3:a:sickrage:sickrage:9.4.87
-
cpe:2.3:a:sickrage:sickrage:9.4.88
-
cpe:2.3:a:sickrage:sickrage:9.4.89
-
cpe:2.3:a:sickrage:sickrage:9.4.9
-
cpe:2.3:a:sickrage:sickrage:9.4.90
-
cpe:2.3:a:sickrage:sickrage:9.4.91
-
cpe:2.3:a:sickrage:sickrage:9.4.92
-
cpe:2.3:a:sickrage:sickrage:9.4.93
-
cpe:2.3:a:sickrage:sickrage:9.4.94
-
cpe:2.3:a:sickrage:sickrage:9.4.95
-
cpe:2.3:a:sickrage:sickrage:9.4.96
-
cpe:2.3:a:sickrage:sickrage:9.4.97
-
cpe:2.3:a:sickrage:sickrage:9.4.98
-
cpe:2.3:a:sickrage:sickrage:9.4.99