Vulnerability Description
Sulu is a highly extensible open-source PHP content management system based on the Symfony framework. There is an issue when inputting HTML into the Tag name. The HTML is executed when the tag name is listed in the auto complete form. Only admin users can create tags so they are the only ones affected. The problem is patched with version(s) 2.4.16 and 2.5.12.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sulu | Sulu | >= 2.0.0, < 2.4.16 |
Related Weaknesses (CWE)
References
- https://github.com/sulu/sulu/releases/tag/2.4.16Release Notes
- https://github.com/sulu/sulu/releases/tag/2.5.12Release Notes
- https://github.com/sulu/sulu/security/advisories/GHSA-gfrh-gwqc-63cvVendor Advisory
- https://github.com/sulu/sulu/releases/tag/2.4.16Release Notes
- https://github.com/sulu/sulu/releases/tag/2.5.12Release Notes
- https://github.com/sulu/sulu/security/advisories/GHSA-gfrh-gwqc-63cvVendor Advisory
FAQ
What is CVE-2024-24807?
CVE-2024-24807 is a vulnerability with a CVSS score of 2.7 (LOW). Sulu is a highly extensible open-source PHP content management system based on the Symfony framework. There is an issue when inputting HTML into the Tag name. The HTML is executed when the tag name is...
How severe is CVE-2024-24807?
CVE-2024-24807 has been rated LOW with a CVSS base score of 2.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-24807?
Check the references section above for vendor advisories and patch information. Affected products include: Sulu Sulu.