Products
Sulu
- 2.6.5
Source
security-advisories@github.com
Tags
CVE-2024-47618 details
Published : Oct. 3, 2024, 3:15 p.m.
Last Modified : Oct. 3, 2024, 3:15 p.m.
Last Modified : Oct. 3, 2024, 3:15 p.m.
Description
Sulu is a PHP content management system. Sulu is vulnerable against XSS whereas a low privileged user with access to the “Media” section can upload an SVG file with a malicious payload. Once uploaded and accessed, the malicious javascript will be executed on the victims’ (other users including admins) browsers. This issue is fixed in 2.6.5.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
References
| URL | Source |
|---|---|
| https://github.com/sulu/sulu/commit/ca72f75eebe41ea7726624d8aea7da6c425f1eb9 | security-advisories@github.com |
| https://github.com/sulu/sulu/security/advisories/GHSA-255w-87rh-rg44 | security-advisories@github.com |
This website uses the NVD API, but is not approved or certified by it.