Vulnerability Description
Sulu is a PHP content management system. This vulnerability allows an attacker to inject arbitrary HTML/JavaScript code through the media download URL in Sulu CMS. It affects the SuluMediaBundle component. The vulnerability is a Reflected Cross-Site Scripting (XSS) issue, which could potentially allow attackers to steal sensitive information, manipulate the website's content, or perform actions on behalf of the victim. This vulnerability is fixed in 2.6.5 and 2.5.21.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sulu | Sulu | 2.5.20 |
Related Weaknesses (CWE)
References
- https://github.com/sulu/sulu/commit/a5a5ae555d282e88ff8559d38cfb46dea7939bda (Product)
- https://github.com/sulu/sulu/commit/eeacd14b6cf55f710084788140d40ebb00314b29 (Patch)
- https://github.com/sulu/sulu/security/advisories/GHSA-6784-9c82-vr85 (Vendor Advisory)
FAQ
What is CVE-2024-47617?
CVE-2024-47617 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Sulu is a PHP content management system. This vulnerability allows an attacker to inject arbitrary HTML/JavaScript code through the media download URL in Sulu CMS. It affects the SuluMediaBundle compo...
How severe is CVE-2024-47617?
CVE-2024-47617 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-47617?
Check the references section above for vendor advisories and patch information. Affected products include: Sulu Sulu.