{"id":"PYSEC-2021-148","details":"In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to reflected Cross-Site Scripting (XSS) because user input is not properly validated in the `quicksearch` feature. As a result, an attacker can steal a user's session ID and masquerade as the victim, carrying out any action in the context of that user.","aliases":["CVE-2021-25926","GHSA-x823-j7c4-vpc5"],"modified":"2023-11-08T04:05:17.408172Z","published":"2021-04-12T14:15:00Z","references":[{"type":"FIX","url":"https://github.com/SiCKRAGE/SiCKRAGE/commit/9f42426727e16609ad3d1337f6637588b8ed28e4"},{"type":"WEB","url":"https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25926,"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-x823-j7c4-vpc5"}],"affected":[{"package":{"name":"sickrage","ecosystem":"PyPI","purl":"pkg:pypi/sickrage"},"ranges":[{"type":"GIT","repo":"https://github.com/SiCKRAGE/SiCKRAGE","events":[{"introduced":"0"},{"fixed":"9f42426727e16609ad3d1337f6637588b8ed28e4"}]},{"type":"ECOSYSTEM","events":[{"introduced":"9.3.55"},{"fixed":"10.0.12.dev1"}]}],"versions":["10.0.0","10.0.0.dev10","10.0.0.dev11","10.0.0.dev12","10.0.0.dev13","10.0.0.dev14","10.0.0.dev15","10.0.0.dev16","10.0.0.dev17","10.0.0.dev18","10.0.0.dev19","10.0.0.dev20","10.0.0.dev21","10.0.0.dev22","10.0.0.dev23","10.0.0.dev24","10.0.0.dev25","10.0.0.dev26","10.0.0.dev27","10.0.0.dev28","10.0.0.dev29","10.0.0.dev3","10.0.0.dev30","10.0.0.dev31","10.0.0.dev33","10.0.0.dev34","10.0.0.dev35","10.0.0.dev4","10.0.0.dev5","10.0.0.dev6","10.0.0.dev7","10.0.0.dev8","10.0.0.dev9","10.0.1","10.0.1.dev1","10.0.10","10.0.10.dev1","10.0.10.dev2","10.0.11","10.0.11.dev1","10.0.11.dev2","10.0.2","10.0.2.dev1","10.0.3","10.0.3.dev1","10.0.4","10.0.4.dev1","10.0.4.dev2","10.0.4.dev3","10.0.4.dev4","10.0.5","10.0.5.dev1","10.0.6","10.0.6.dev1","10.0.7","10.0.7.dev1","10.0.7.dev2","10.0.8","10.0.8.dev1","10.0.8.dev2","10.0.8.dev3","10.0.9","10.0.9.dev2","9.3.55","9.3.56","9.3.56.dev1
","9.3.56.dev10","9.3.56.dev11","9.3.56.dev12","9.3.56.dev13","9.3.56.dev14","9.3.56.dev15","9.3.56.dev16","9.3.56.dev17","9.3.56.dev18","9.3.56.dev19","9.3.56.dev2","9.3.56.dev20","9.3.56.dev21","9.3.56.dev22","9.3.56.dev23","9.3.56.dev24","9.3.56.dev25","9.3.56.dev26","9.3.56.dev27","9.3.56.dev28","9.3.56.dev29","9.3.56.dev3","9.3.56.dev4","9.3.56.dev5","9.3.56.dev6","9.3.56.dev7","9.3.56.dev8","9.3.56.dev9","9.3.57","9.3.58","9.3.58.dev1","9.3.58.dev2","9.3.59","9.3.59.dev1","9.3.59.dev2","9.3.59.dev3","9.3.60","9.3.60.dev1","9.3.61","9.3.62","9.3.63","9.3.64","9.3.65","9.3.65.dev1","9.3.65.dev2","9.3.65.dev3","9.3.66","9.3.66.dev1","9.3.66.dev2","9.3.67","9.3.68","9.3.69","9.3.70","9.3.70.dev1","9.3.70.dev2","9.3.71","9.3.72","9.3.72.dev1","9.3.73","9.3.74","9.3.74.dev1","9.3.75","9.3.76","9.3.77","9.3.78","9.3.79","9.3.79.dev1","9.3.79.dev10","9.3.79.dev2","9.3.79.dev3","9.3.79.dev4","9.3.79.dev5","9.3.79.dev6","9.3.79.dev7","9.3.79.dev8","9.3.79.dev9","9.3.80","9.3.80.dev1","9.3.80.dev2","9.3.80.dev3","9.3.80.dev4","9.3.80.dev5","9.3.80.dev6","9.3.81","9.3.81.dev1","9.3.82","9.3.83","9.3.83.dev1","9.3.84","9.3.85","9.3.86","9.3.87","9.3.88","9.3.89","9.3.90","9.3.91","9.3.92","9.3.93","9.3.94","9.3.95","9.3.96","9.3.97","9.3.98","9.3.99","9.4.1","9.4.10","9.4.100","9.4.101","9.4.102","9.4.103","9.4.104","9.4.105","9.4.106","9.4.106.dev1","9.4.106.dev2","9.4.106.dev3","9.4.106.dev4","9.4.106.dev5","9.4.106.dev6","9.4.107","9.4.108","9.4.109","9.4.11","9.4.110","9.4.111","9.4.113","9.4.114","9.4.115","9.4.116","9.4.117","9.4.118","9.4.119","9.4.12","9.4.120","9.4.120.dev1","9.4.121.dev1","9.4.122.dev1","9.4.123","9.4.123.dev1","9.4.124","9.4.124.dev2","9.4.13","9.4.130","9.4.131","9.4.131.dev1","9.4.132","9.4.132.dev1","9.4.133","9.4.133.dev1","9.4.134","9.4.134.dev1","9.4.134.dev2","9.4.134.dev3","9.4.134.dev4","9.4.134.dev5","9.4.134.dev6","9.4.134.dev7","9.4.135","9.4.136","9.4.137","9.4.137.dev1","9.4.138","9.4.138.dev1","9.4.139","9.4.139.dev1","9.4.139.dev
2","9.4.14","9.4.141","9.4.142","9.4.143","9.4.143.dev1","9.4.144","9.4.144.dev1","9.4.145","9.4.145.dev1","9.4.145.dev2","9.4.146","9.4.146.dev1","9.4.147","9.4.147.dev1","9.4.148","9.4.148.dev1","9.4.149","9.4.149.dev1","9.4.15","9.4.150","9.4.150.dev1","9.4.151","9.4.151.dev1","9.4.152","9.4.152.dev1","9.4.153","9.4.153.dev1","9.4.154","9.4.154.dev1","9.4.155","9.4.155.dev1","9.4.156","9.4.156.dev1","9.4.157","9.4.157.dev1","9.4.158","9.4.158.dev1","9.4.159","9.4.159.dev1","9.4.16","9.4.160","9.4.160.dev1","9.4.161","9.4.161.dev1","9.4.162.dev1","9.4.163","9.4.164","9.4.164.dev1","9.4.164.dev2","9.4.165","9.4.165.dev1","9.4.166","9.4.166.dev1","9.4.167","9.4.167.dev1","9.4.168","9.4.168.dev1","9.4.168.dev2","9.4.169","9.4.169.dev1","9.4.169.dev2","9.4.17","9.4.170","9.4.171","9.4.171.dev1","9.4.172","9.4.172.dev1","9.4.173","9.4.173.dev1","9.4.174","9.4.174.dev1","9.4.175","9.4.175.dev1","9.4.176","9.4.177","9.4.178","9.4.178.dev1","9.4.178.dev15","9.4.178.dev16","9.4.178.dev17","9.4.178.dev2","9.4.178.dev3","9.4.178.dev4","9.4.178.dev5","9.4.178.dev6","9.4.178.dev7","9.4.178.dev8","9.4.179","9.4.179.dev1","9.4.18","9.4.181","9.4.182.dev1","9.4.182.dev2","9.4.183","9.4.184.dev1","9.4.184.dev4","9.4.184.dev5","9.4.184.dev6","9.4.184.dev8","9.4.184.dev9","9.4.186","9.4.186.dev1","9.4.187","9.4.187.dev5","9.4.188","9.4.188.dev1","9.4.189","9.4.189.dev1","9.4.189.dev2","9.4.189.dev3","9.4.19","9.4.190","9.4.190.dev1","9.4.190.dev2","9.4.191","9.4.191.dev1","9.4.191.dev2","9.4.192","9.4.192.dev1","9.4.192.dev2","9.4.192.dev3","9.4.193","9.4.193.dev1","9.4.193.dev2","9.4.194","9.4.194.dev1","9.4.194.dev2","9.4.194.dev3","9.4.194.dev4","9.4.194.dev5","9.4.194.dev6","9.4.195","9.4.195.dev1","9.4.196","9.4.196.dev1","9.4.197","9.4.197.dev1","9.4.197.dev3","9.4.197.dev4","9.4.197.dev5","9.4.198","9.4.198.dev1","9.4.199","9.4.199.dev1","9.4.2","9.4.20","9.4.200","9.4.200.dev1","9.4.200.dev10","9.4.200.dev3","9.4.200.dev4","9.4.200.dev5","9.4.200.dev6","9.4.200.dev7","9.4.20
0.dev8","9.4.200.dev9","9.4.201","9.4.202","9.4.202.dev10","9.4.202.dev11","9.4.202.dev12","9.4.202.dev13","9.4.202.dev14","9.4.202.dev15","9.4.202.dev16","9.4.202.dev17","9.4.202.dev18","9.4.202.dev2","9.4.202.dev20","9.4.202.dev21","9.4.202.dev22","9.4.202.dev23","9.4.202.dev24","9.4.202.dev25","9.4.202.dev26","9.4.202.dev27","9.4.202.dev28","9.4.202.dev29","9.4.202.dev3","9.4.202.dev30","9.4.202.dev31","9.4.202.dev33","9.4.202.dev34","9.4.202.dev35","9.4.202.dev36","9.4.202.dev4","9.4.202.dev5","9.4.202.dev6","9.4.202.dev7","9.4.202.dev8","9.4.202.dev9","9.4.203","9.4.203.dev1","9.4.204","9.4.204.dev1","9.4.205","9.4.205.dev1","9.4.205.dev2","9.4.205.dev3","9.4.205.dev4","9.4.205.dev5","9.4.206","9.4.206.dev1","9.4.207","9.4.207.dev1","9.4.207.dev2","9.4.208","9.4.208.dev1","9.4.208.dev2","9.4.208.dev3","9.4.208.dev4","9.4.208.dev5","9.4.209","9.4.209.dev1","9.4.21","9.4.210","9.4.210.dev1","9.4.211","9.4.211.dev1","9.4.211.dev2","9.4.212","9.4.212.dev1","9.4.212.dev10","9.4.212.dev11","9.4.212.dev12","9.4.212.dev13","9.4.212.dev14","9.4.212.dev15","9.4.212.dev16","9.4.212.dev17","9.4.212.dev18","9.4.212.dev19","9.4.212.dev2","9.4.212.dev20","9.4.212.dev21","9.4.212.dev22","9.4.212.dev23","9.4.212.dev24","9.4.212.dev25","9.4.212.dev26","9.4.212.dev28","9.4.212.dev29","9.4.212.dev3","9.4.212.dev30","9.4.212.dev31","9.4.212.dev32","9.4.212.dev33","9.4.212.dev34","9.4.212.dev35","9.4.212.dev36","9.4.212.dev37","9.4.212.dev38","9.4.212.dev39","9.4.212.dev4","9.4.212.dev40","9.4.212.dev41","9.4.212.dev42","9.4.212.dev43","9.4.212.dev44","9.4.212.dev45","9.4.212.dev46","9.4.212.dev47","9.4.212.dev48","9.4.212.dev49","9.4.212.dev5","9.4.212.dev50","9.4.212.dev51","9.4.212.dev52","9.4.212.dev6","9.4.212.dev7","9.4.212.dev8","9.4.212.dev9","9.4.213","9.4.213.dev1","9.4.214","9.4.214.dev3","9.4.214.dev4","9.4.214.dev5","9.4.214.dev6","9.4.214.dev7","9.4.215","9.4.215.dev1","9.4.216","9.4.216.dev1","9.4.216.dev2","9.4.216.dev3","9.4.216.dev4","9.4.216.dev5","9.4.216.dev6","
9.4.217","9.4.217.dev1","9.4.218","9.4.218.dev1","9.4.219","9.4.219.dev1","9.4.219.dev2","9.4.219.dev3","9.4.219.dev4","9.4.219.dev5","9.4.219.dev6","9.4.22","9.4.220","9.4.220.dev1","9.4.221","9.4.221.dev1","9.4.222","9.4.222.dev1","9.4.223","9.4.223.dev1","9.4.224.dev1","9.4.224.dev2","9.4.224.dev3","9.4.224.dev4","9.4.224.dev5","9.4.224.dev6","9.4.224.dev7","9.4.224.dev8","9.4.23","9.4.24","9.4.25","9.4.26","9.4.27","9.4.28","9.4.29","9.4.29.dev1","9.4.29.dev2","9.4.3","9.4.30","9.4.30.dev1","9.4.31","9.4.31.dev1","9.4.31.dev2","9.4.31.dev3","9.4.31.dev4","9.4.31.dev5","9.4.32","9.4.34","9.4.35","9.4.36","9.4.36.dev1","9.4.36.dev2","9.4.36.dev3","9.4.38","9.4.39","9.4.4","9.4.40","9.4.41","9.4.41.dev1","9.4.43","9.4.44","9.4.45","9.4.46","9.4.47","9.4.48","9.4.48.dev1","9.4.48.dev2","9.4.48.dev3","9.4.48.dev4","9.4.48.dev5","9.4.48.dev6","9.4.48.dev7","9.4.48.dev8","9.4.48.dev9","9.4.49","9.4.5","9.4.50","9.4.51","9.4.52","9.4.53","9.4.55","9.4.56","9.4.56.dev1","9.4.56.dev2","9.4.56.dev3","9.4.56.dev4","9.4.56.dev5","9.4.57","9.4.58","9.4.58.dev1","9.4.59","9.4.59.dev1","9.4.59.dev3","9.4.6","9.4.61","9.4.62","9.4.62.dev1","9.4.63","9.4.65","9.4.66","9.4.68","9.4.69","9.4.69.dev1","9.4.7","9.4.70","9.4.70.dev1","9.4.71","9.4.72","9.4.73","9.4.74","9.4.74.dev1","9.4.74.dev2","9.4.75","9.4.76","9.4.77","9.4.78","9.4.79","9.4.8","9.4.80","9.4.81","9.4.82","9.4.83","9.4.84","9.4.84.dev2","9.4.85.dev10","9.4.85.dev11","9.4.85.dev12","9.4.85.dev13","9.4.85.dev14","9.4.85.dev15","9.4.85.dev16","9.4.85.dev17","9.4.85.dev18","9.4.85.dev19","9.4.85.dev2","9.4.85.dev20","9.4.85.dev21","9.4.85.dev22","9.4.85.dev23","9.4.85.dev24","9.4.85.dev25","9.4.85.dev26","9.4.85.dev27","9.4.85.dev28","9.4.85.dev29","9.4.85.dev3","9.4.85.dev30","9.4.85.dev31","9.4.85.dev35","9.4.85.dev36","9.4.85.dev37","9.4.85.dev4","9.4.85.dev5","9.4.85.dev6","9.4.85.dev7","9.4.85.dev8","9.4.85.dev9","9.4.87.dev1","9.4.87.dev2","9.4.87.dev3","9.4.87.dev4","9.4.87.dev5","9.4.87.dev6","9.4.87.dev7","9.4
.87.dev8","9.4.87.dev9","9.4.88.dev2","9.4.88.dev3","9.4.88.dev4","9.4.88.dev5","9.4.88.dev6","9.4.9","9.4.92.dev1","9.4.96","9.4.96.dev1","9.4.96.dev2","9.4.97","9.4.97.dev1","9.4.98","9.4.99"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/sickrage/PYSEC-2021-148.yaml"}}],"schema_version":"1.7.3"}