### [CVE-2021-25925](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25925)
![](https://img.shields.io/static/v1?label=Product&message=sickrage&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=4.2.0-10.0.11.dev1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-Site%20Scripting&color=brightgreen)

### Description

in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user’s sensitive information.

### POC

#### Reference
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25925

#### Github
- https://github.com/ARPSyndicate/cvemon