CVE-2024-47618 Information

Description

Sulu is a PHP content management system. Sulu is vulnerable against XSS whereas a low privileged user with access to the “Media” section can upload an SVG file with a malicious payload. Once uploaded and accessed the malicious javascript will be executed on the victims’ (other users including admins) browsers. This issue is fixed in 2.6.5.

Reference

https://github.com/sulu/sulu/security/advisories/GHSA-255w-87rh-rg44 https://github.com/sulu/sulu/commit/ca72f75eebe41ea7726624d8aea7da6c425f1eb9