Galette is a membership management web application geared towards nonprofit organizations. In versions prior to 0.9.5, malicious JavaScript code can be stored and later displayed on the self-subscription page. The self-subscription feature can be disabled as a workaround (this is the default state). Malicious JavaScript code can also be executed (not stored) on the login and retrieve-password pages. This issue is patched in version 0.9.5.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2021-10-25T16:00:19
Updated: 2024-08-03T18:09:15.156Z
Reserved: 2020-12-22T00:00:00
Link: CVE-2021-21319
NVD
Status: Modified
Published: 2021-10-25T16:15:08.020
Modified: 2024-11-21T05:48:00.793
Link: CVE-2021-21319