CVE-2024-47618

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-47618

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47618.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-47618

Aliases

GHSA-255w-87rh-rg44

Published

2024-10-03T15:15:15Z

Modified

2024-10-08T15:51:29.603438Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Sulu is a PHP content management system. Sulu is vulnerable against XSS whereas a low privileged user with access to the “Media” section can upload an SVG file with a malicious payload. Once uploaded and accessed, the malicious javascript will be executed on the victims’ (other users including admins) browsers. This issue is fixed in 2.6.5.

References

Affected packages

Git / github.com/sulu/sulu

Affected ranges

Type: GIT
Repo: https://github.com/sulu/sulu
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ca72f75eebe41ea7726624d8aea7da6c425f1eb9

Affected versions

0.*

0.1.0

0.1.1

0.10.0

0.10.1

0.11.0

0.11.1

0.11.2

0.12.0

0.13.0

0.13.1

0.13.2

0.14.0

0.14.1

0.14.2

0.15.0

0.15.1

0.15.2

0.15.3

0.16.0

0.16.1

0.16.2

0.17.0

0.17.0-RC1

0.17.0-RC2

0.18.0

0.18.1

0.18.2

0.2.0

0.3.0

0.4.0

0.5.0

0.6.0

0.6.1

0.6.2

0.6.3

0.6.4

0.6.5

0.6.6

0.6.7

0.6.8

0.7.0

0.7.1

0.8.0

0.8.1

0.8.2

0.8.3

0.8.4

0.8.5

0.9.0

1.*

1.0.0

1.0.0-RC1

1.0.0-RC2

1.0.0-RC3

1.0.1

1.0.10

1.0.11

1.0.12

1.0.13

1.0.14

1.0.15

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.1.0

1.1.1

1.1.10

1.1.11

1.1.12

1.1.2

1.1.3

1.1.4

1.1.5

1.1.6

1.1.7

1.1.8

1.1.9

1.2.0

1.2.0-RC1

1.2.0-RC2

1.2.0-RC3

1.2.0-RC4

1.2.1

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.2.7

1.3.0

1.3.0-RC1

1.3.0-RC2

1.3.0-RC3

1.3.1

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.3.7

1.3.8

1.4.0

1.4.0-RC1

1.4.0-RC2

1.4.1

1.4.10

1.4.11

1.4.12

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.4.7

1.4.8

1.4.9

1.5.0

1.5.0-RC1

1.5.0-RC2

1.5.0-RC3

1.5.1

1.5.10

1.5.11

1.5.12

1.5.13

1.5.14

1.5.15

1.5.16

1.5.17

1.5.18

1.5.19

1.5.2

1.5.20

1.5.21

1.5.22

1.5.23

1.5.24

1.5.3

1.5.4

1.5.5

1.5.6

1.5.7

1.5.8

1.5.9

1.6.0

1.6.0-RC1

1.6.1

1.6.10

1.6.11

1.6.12

1.6.13

1.6.14

1.6.15

1.6.16

1.6.17

1.6.18

1.6.19

1.6.2

1.6.20

1.6.21

1.6.22

1.6.23

1.6.24

1.6.25

1.6.26

1.6.27

1.6.28

1.6.29

1.6.3

1.6.30

1.6.31

1.6.32

1.6.33

1.6.34

1.6.35

1.6.36

1.6.37

1.6.38

1.6.39

1.6.4

1.6.40

1.6.41

1.6.42

1.6.43

1.6.44

1.6.45

1.6.5

1.6.6

1.6.7

1.6.8

1.6.9

2.*

2.0.0

2.0.0-RC1

2.0.0-RC2

2.0.0-RC3

2.0.0-alpha1

2.0.0-alpha2

2.0.0-alpha3

2.0.0-alpha4

2.0.0-alpha5

2.0.0-alpha6

2.0.1

2.0.10

2.0.11

2.0.12

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

2.1.0

2.1.0-RC1

2.1.0-RC2

2.1.1

2.1.10

2.1.11

2.1.12

2.1.13

2.1.14

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.1.7

2.1.8

2.1.9

2.2.0

2.2.0-RC1

2.2.1

2.2.10

2.2.11

2.2.12

2.2.13

2.2.14

2.2.15

2.2.16

2.2.17

2.2.18

2.2.19

2.2.2

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

2.2.8

2.2.9

2.3.0

2.3.0-RC1

2.3.0-RC2

2.3.1

2.3.10

2.3.11

2.3.12

2.3.13

2.3.2

2.3.3

2.3.4

2.3.5

2.3.6

2.3.7

2.3.8

2.3.9

2.4.0

2.4.0-RC1

2.4.1

2.4.10

2.4.11

2.4.12

2.4.13

2.4.14

2.4.15

2.4.16

2.4.17

2.4.18

2.4.19

2.4.2

2.4.20

2.4.3

2.4.4

2.4.5

2.4.6

2.4.7

2.4.8

2.4.9

2.5.0

2.5.0-alpha1

2.5.1

2.5.10

2.5.11

2.5.12

2.5.13

2.5.14

2.5.15

2.5.16

2.5.17

2.5.18

2.5.19

2.5.2

2.5.20

2.5.3

2.5.4

2.5.5

2.5.6

2.5.7

2.5.8

2.5.9