Moderate severity · NVD Advisory · Published Oct 3, 2024 · Updated Oct 18, 2024
Sulu vulnerable to XSS via uploaded SVG
CVE-2024-47618
Description
Sulu is a PHP content management system. Sulu is vulnerable to XSS: a low-privileged user with access to the “Media” section can upload an SVG file with a malicious payload. Once the file is uploaded and accessed, the malicious JavaScript is executed in the victims’ browsers (other users, including admins). This issue is fixed in 2.6.5.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| sulu/sulu (Packagist) | >= 2.0.0-RC1, < 2.5.21 | 2.5.21 |
| sulu/sulu (Packagist) | >= 2.6.0-RC1, < 2.6.5 | 2.6.5 |
References
- github.com/advisories/GHSA-255w-87rh-rg44 (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-47618 (ghsa: ADVISORY)
- github.com/sulu/sulu/commit/ca72f75eebe41ea7726624d8aea7da6c425f1eb9 (ghsa: x_refsource_MISC, WEB)
- github.com/sulu/sulu/security/advisories/GHSA-255w-87rh-rg44 (ghsa: x_refsource_CONFIRM, WEB)