CVE-2024-47617

MEDIUM

Sulu 2.6.0-2.6.4 - Reflected Cross-Site Scripting via Media Download URL

Title source: llm
STIX 2.1

Description

Sulu is a PHP content management system. This vulnerability allows an attacker to inject arbitrary HTML/JavaScript code through the media download URL in Sulu CMS. It affects the SuluMediaBundle component. The vulnerability is a Reflected Cross-Site Scripting (XSS) issue, which could potentially allow attackers to steal sensitive information, manipulate the website's content, or perform actions on behalf of the victim. This vulnerability is fixed in 2.6.5 and 2.5.21.

Scores

CVSS v3 6.1
EPSS 0.0032
EPSS Percentile 24.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (3)
sulu/sulu 2.5.20
sulu/sulu 2.6.4
sulu/sulu 2.6.0 - 2.6.5Packagist
Published Oct 03, 2024
Tracked Since Feb 18, 2026