QwikSec

Security Database

CVE

CWE

Training

CVE-2024-47618

Published: Oct 3, 2024

Modified: Oct 18, 2024

PUBLISHED

Description

Sulu is a PHP content management system. Sulu is vulnerable against XSS whereas a low privileged user with access to the “Media” section can upload an SVG file with a malicious payload. Once uploaded and accessed, the malicious javascript will be executed on the victims’ (other users including admins) browsers. This issue is fixed in 2.6.5.

Vendor	Product	Versions
sulu	sulu	affected `>= 2.0.0-RC1, < 2.5.21` affected `>= 2.6.0-RC1, < 2.6.5`

Weaknesses (CWE)

References

https://github.com/sulu/sulu/security/advisories/GHSA-255w-87rh-rg44

x_refsource_CONFIRM

https://github.com/sulu/sulu/commit/ca72f75eebe41ea7726624d8aea7da6c425f1eb9

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.