CVE-2024-47617 Information

Description

Sulu is a PHP content management system. This vulnerability allows an attacker to inject arbitrary HTML/JavaScript code through the media download URL in Sulu CMS. It affects the SuluMediaBundle component. The vulnerability is a Reflected Cross-Site Scripting (XSS) issue which could potentially allow attackers to steal sensitive information manipulate the website’s content or perform actions on behalf of the victim. This vulnerability is fixed in 2.6.5 and 2.5.21.

Reference

https://github.com/sulu/sulu/security/advisories/GHSA-6784-9c82-vr85 https://github.com/sulu/sulu/commit/a5a5ae555d282e88ff8559d38cfb46dea7939bda https://github.com/sulu/sulu/commit/eeacd14b6cf55f710084788140d40ebb00314b29