Vulnerability DatabaseCVE-2021-41261

CVE-2021-41261:
Linux Ubuntu vulnerability analysis and mitigation

Overview

Galette, a membership management web application built for non-profit organizations and released under GPLv3, was found to be vulnerable to stored cross-site scripting (XSS) attacks in versions prior to 0.9.6. The vulnerability was discovered in the preferences footer functionality, which could only be modified by site administrators (GitHub Advisory, NVD).

Technical details

The vulnerability was identified as a stored XSS issue that could allow malicious scripts to be injected into the preferences footer of the application. The issue received a CVSS v3.1 base score of 4.8 (MEDIUM) from NVD with vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N, while GitHub assessed it at 8.1 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N (NVD).

Impact

The vulnerability could allow attackers to inject malicious browser-side scripts into the application, which could then be executed when viewed by other users. However, the impact is limited since the vulnerability requires administrator privileges to exploit, as only administrators can modify the preferences footer (GitHub Advisory).

Mitigation and workarounds

The vulnerability was patched in version 0.9.6 of Galette. All users are advised to upgrade to this version or later. There are no known workarounds for this vulnerability (GitHub Advisory).

Additional resources

Source: This report was generated using AI

Related Linux Ubuntu vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-71144	N/A	N/A	Linux Debian	linux	No	Yes	Jan 14, 2026
CVE-2025-71143	N/A	N/A	Linux Debian	linux	No	No	Jan 14, 2026
CVE-2025-71142	N/A	N/A	Linux Kernel	kernel-64k-core	No	No	Jan 14, 2026
CVE-2025-71141	N/A	N/A	Linux Debian	linux-aws-fips	No	No	Jan 14, 2026
CVE-2025-71140	N/A	N/A	Linux Debian	linux-gcp-fips	No	No	Jan 14, 2026