Low severity · NVD Advisory · Published Feb 5, 2024 · Updated Aug 1, 2024
Sulu is vulnerable to HTML Injection via Autocomplete Suggestion
CVE-2024-24807
Description
Sulu is a highly extensible open-source PHP content management system based on the Symfony framework. HTML entered into a tag name is executed when that tag name is listed in the autocomplete form. Only admin users can create tags, so they are the only ones affected. The problem is patched in versions 2.4.16 and 2.5.12.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| sulu/sulu (Packagist) | >= 2.0.0, < 2.4.16 | 2.4.16 |
| sulu/sulu (Packagist) | >= 2.5.0, < 2.5.12 | 2.5.12 |
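
To check a deployment against the two affected ranges above, the following added example (not part of the advisory or of the Sulu project) classifies the `sulu/sulu` entry of a `composer.lock` file. The function names and the sample lock bodies are constructed for illustration; versions that are not plain `X.Y.Z` releases are reported as `unknown` rather than guessed.

```python
import json
import re

# Affected ranges for sulu/sulu, copied from the table above:
# (inclusive lower bound, exclusive upper bound).
AFFECTED = [((2, 0, 0), (2, 4, 16)), ((2, 5, 0), (2, 5, 12))]


def parse_version(raw):
    """Return (major, minor, patch) for a stable release, or None if not comparable."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", raw.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def sulu_status(lock_text):
    """Classify the sulu/sulu entry of a composer.lock document.

    Returns 'absent', 'affected', 'not-affected' or 'unknown' (branch aliases,
    pre-releases and other versions that cannot be compared safely).
    """
    lock = json.loads(lock_text)
    # composer.lock keeps runtime and dev dependencies in separate arrays.
    packages = lock.get("packages", []) + lock.get("packages-dev", [])
    for pkg in packages:
        if pkg.get("name", "").lower() != "sulu/sulu":
            continue
        version = parse_version(pkg.get("version", ""))
        if version is None:
            return "unknown"
        hit = any(low <= version < high for low, high in AFFECTED)
        return "affected" if hit else "not-affected"
    return "absent"


def make_lock(version):
    """Build a minimal constructed composer.lock body for the demo below."""
    return json.dumps({"packages": [{"name": "sulu/sulu", "version": version}]})


if __name__ == "__main__":
    # Constructed sample versions around both range boundaries.
    for v in ("2.4.15", "2.4.16", "2.5.11", "2.5.12", "dev-release/2.5"):
        print(v, "->", sulu_status(make_lock(v)))
```

An `unknown` result (for example a branch alias) needs manual review against the patch commit listed in the references.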
References
- github.com/advisories/GHSA-gfrh-gwqc-63cv (ghsa, ADVISORY)
- github.com/sulu/sulu/commit/570c78124ae97cb02469141b86ac69d9fb2cb147 (ghsa, WEB)
- github.com/sulu/sulu/releases/tag/2.4.16 (mitre, x_refsource_MISC)
- github.com/sulu/sulu/releases/tag/2.5.12 (mitre, x_refsource_MISC)
- github.com/sulu/sulu/security/advisories/GHSA-gfrh-gwqc-63cv (ghsa, x_refsource_CONFIRM, WEB)