VYPR
Moderate severity · NVD Advisory · Published Oct 3, 2024 · Updated Oct 18, 2024

Sulu vulnerable to XSS via uploaded SVG

CVE-2024-47618

Description

Sulu is a PHP content management system. Sulu is vulnerable to XSS: a low-privileged user with access to the “Media” section can upload an SVG file with a malicious payload. Once the file is uploaded and accessed, the malicious JavaScript is executed in the victims’ browsers (other users, including admins). This issue is fixed in 2.6.5.
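
A server-side check for the kind of upload described above, as an added example (not Sulu's code and not its 2.6.5 fix): it flags script-capable constructs in an SVG before the file is stored or served. The element list, the scheme list and the rejection of DOCTYPE and non-UTF-8 input are assumed policy choices.

```python
import xml.etree.ElementTree as ET

# Assumed policy (not Sulu's): what counts as active content in an uploaded SVG.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
BAD_SCHEMES = ("javascript:", "vbscript:", "data:text/html")

def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on tag and attribute names."""
    return name.rsplit("}", 1)[-1].lower()

def svg_findings(data):
    """Return reasons not to serve this SVG inline; an empty list means none found."""
    # NUL bytes indicate UTF-16/32, which would slip past the byte checks below.
    if b"\x00" in data:
        return ["unexpected-encoding"]
    lowered = data.lower()
    # Refuse DTDs before parsing: entities can hide markup and expand without bound.
    if b"<!doctype" in lowered or b"<!entity" in lowered:
        return ["doctype-or-entity"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["not-well-formed"]  # fail closed
    if local(root.tag) != "svg":
        return ["root-not-svg"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append("element:" + tag)
        for name, value in el.attrib.items():
            attr = local(name)
            # Whitespace inside a URL scheme is ignored by browsers, so drop it first.
            compact = "".join(value.split()).lower()
            if attr.startswith("on"):
                findings.append("handler:" + attr)
            elif any(s in compact for s in BAD_SCHEMES):
                # Checked on every attribute: animation elements can set href indirectly.
                findings.append("scheme:" + attr)
    return findings

# Constructed sample inputs (harmless payloads, for illustration only).
CLEAN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle cx="5" cy="5" r="4"/></svg>'
ACTIVE = (b'<svg xmlns="http://www.w3.org/2000/svg" '
          b'xmlns:xlink="http://www.w3.org/1999/xlink" onload="void 0">'
          b'<script>/* constructed */</script>'
          b'<a xlink:href="javascript:void 0"><rect width="1" height="1"/></a></svg>')
print(svg_findings(CLEAN))
print(svg_findings(ACTIVE))
```

Uploads with findings can be rejected, or served with `Content-Disposition: attachment` so the browser does not render them in the application's origin.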


Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| sulu/sulu (Packagist) | >= 2.0.0-RC1, < 2.5.21 | 2.5.21 |
| sulu/sulu (Packagist) | >= 2.6.0-RC1, < 2.6.5 | 2.6.5 |
