CVE-2021-45895: Cross-site Scripting in Netgen Tags Bundle
6.1
Basic Information
Technical Details
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
netgen/tagsbundle | composer | >= 3.4.0, < 3.4.11 | 3.4.11 |
netgen/tagsbundle | composer | >= 4.0.0, < 4.0.15 | 4.0.15 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The provided information lacks concrete technical details about the vulnerability's root cause. While the advisory confirms XSS in the Tags Admin interface, there are no available commit diffs, patch details, or code examples showing the vulnerable implementation. XSS vulnerabilities typically involve insufficient output encoding when rendering user-controlled data, which could occur in Twig templates or controller methods handling tag data. However, without specific code references from the patches (e.g., changes to template escaping or input sanitization functions), we cannot confidently identify exact vulnerable functions or their file paths. The release notes mention the fix but provide no technical specifics required for precise function identification.