CVE-2024-47618

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-47618

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47618.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-47618

Aliases

GHSA-255w-87rh-rg44

Published

2024-10-03T14:18:02.129Z

Modified

2025-12-05T06:34:10.313183Z

Severity

5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N CVSS Calculator

Summary

Sulu vulnerable to XSS via uploaded SVG

Details

Sulu is a PHP content management system. Sulu is vulnerable against XSS whereas a low privileged user with access to the “Media” section can upload an SVG file with a malicious payload. Once uploaded and accessed, the malicious javascript will be executed on the victims’ (other users including admins) browsers. This issue is fixed in 2.6.5.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47618.json"
}

References

Affected packages

Git / github.com/sulu/sulu

Affected ranges

Type

GIT

Repo

https://github.com/sulu/sulu

Events

Introduced

0523ce7f1c2fdfd81a132a0a1c1aca477276d4b3

Fixed

92259f9f80253891379c3946995a5cd457c2913e

Database specific

{
    "versions": [
        {
            "introduced": "2.0.0-RC1"
        },
        {
            "fixed": "2.5.21"
        }
    ]
}

Type

GIT

Repo

https://github.com/sulu/sulu

Events

Introduced

17662b6874c788613736dec24583915c749decbc

Fixed

053c32868708fe26b9994f3cbb7d85e3d76be338

Database specific

{
    "versions": [
        {
            "introduced": "2.6.0-RC1"
        },
        {
            "fixed": "2.6.5"
        }
    ]
}

Affected versions

1.*

1.5.24

1.6.28

1.6.29

1.6.30

1.6.31

1.6.32

1.6.33

1.6.34

1.6.35

1.6.36

1.6.37

1.6.38

1.6.39

1.6.40

1.6.41

1.6.42

1.6.43

1.6.44

1.6.45

2.*

2.0.0

2.0.0-RC1

2.0.0-RC2

2.0.0-RC3

2.0.1

2.0.10

2.0.11

2.0.12

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

2.1.0

2.1.0-RC1

2.1.0-RC2

2.1.1

2.1.10

2.1.11

2.1.12

2.1.13

2.1.14

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.1.7

2.1.8

2.1.9

2.2.0

2.2.0-RC1

2.2.1

2.2.10

2.2.11

2.2.12

2.2.13

2.2.14

2.2.15

2.2.16

2.2.17

2.2.18

2.2.19

2.2.2

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

2.2.8

2.2.9

2.3.0

2.3.0-RC1

2.3.0-RC2

2.3.1

2.3.10

2.3.11

2.3.12

2.3.13

2.3.2

2.3.3

2.3.4

2.3.5

2.3.6

2.3.7

2.3.8

2.3.9

2.4.0

2.4.0-RC1

2.4.1

2.4.10

2.4.11

2.4.12

2.4.13

2.4.14

2.4.15

2.4.16

2.4.17

2.4.18

2.4.19

2.4.2

2.4.20

2.4.3

2.4.4

2.4.5

2.4.6

2.4.7

2.4.8

2.4.9

2.5.0

2.5.0-alpha1

2.5.1

2.5.10

2.5.11

2.5.12

2.5.13

2.5.14

2.5.15

2.5.16

2.5.17

2.5.18

2.5.19

2.5.2

2.5.20

2.5.21

2.5.3

2.5.4

2.5.5

2.5.6

2.5.7

2.5.8

2.5.9

2.6.0

2.6.0-RC1

2.6.0-RC2

2.6.1

2.6.2

2.6.3

2.6.4