Moderate severity · NVD Advisory · Published Oct 3, 2024 · Updated Oct 8, 2024
Reflected XSS Vulnerability in Sulu Media Bundle
CVE-2024-47617
Description
Sulu is a PHP content management system. This vulnerability allows an attacker to inject arbitrary HTML/JavaScript code through the media download URL in Sulu CMS. It affects the SuluMediaBundle component. The vulnerability is a Reflected Cross-Site Scripting (XSS) issue, which could potentially allow attackers to steal sensitive information, manipulate the website's content, or perform actions on behalf of the victim. This vulnerability is fixed in 2.6.5 and 2.5.21.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| sulu/sulu (Packagist) | >= 2.6.0, < 2.6.5 | 2.6.5 |
| sulu/sulu (Packagist) | >= 2.0.0, < 2.5.21 | 2.5.21 |
References
- github.com/advisories/GHSA-6784-9c82-vr85 (advisory)
- nvd.nist.gov/vuln/detail/CVE-2024-47617 (advisory)
- github.com/sulu/sulu/blob/2.6/src/Sulu/Bundle/MediaBundle/Controller/MediaStreamController.php (web)
- github.com/sulu/sulu/commit/a5a5ae555d282e88ff8559d38cfb46dea7939bda (web)
- github.com/sulu/sulu/commit/eeacd14b6cf55f710084788140d40ebb00314b29 (web)
- github.com/sulu/sulu/security/advisories/GHSA-6784-9c82-vr85 (vendor confirmation)