Aggregates CVE and security vulnerability intelligence across all sickrage-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk cross-site scripting, with potential vendor impact session compromise across vendor surface software deployment and vendor surface production workloads use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-25926 | In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly in the `quicksearch` feature. Therefore, an attacker can steal a user's sessionID to masquerade as a victim user, to carry out any actions in the context of the user. | [email protected] | 6.1 | 0.82% | 2021-04-12 | 2025-04-30 |
| CVE-2021-25925 | in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user’s sensitive information. | [email protected] | 5.4 | 0.66% | 2021-04-12 | 2025-04-30 |
| CVE-2018-9160 | SickRage before v2018.03.09-1 includes cleartext credentials in HTTP responses. | [email protected] | 9.8 | 76.52% | 2018-03-31 | 2024-11-21 |