← back
CVE-2024-47617

Reflected XSS Vulnerability in Sulu Media Bundle

CVSS 6.1 MEDIUMEPSS 0.4%CWE-79
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.1EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
03 Oct 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Sulu is a PHP content management system. This vulnerability allows an attacker to inject arbitrary HTML/JavaScript code through the media download URL in Sulu CMS. It affects the SuluMediaBundle component. The vulnerability is a Reflected Cross-Site Scripting (XSS) issue, which could potentially allow attackers to steal sensitive information, manipulate the website's content, or perform actions on behalf of the victim. This vulnerability is fixed in 2.6.5 and 2.5.21.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected products
sulu · sulu

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/sulu/sulu/commit/a5a5ae555d282e88ff8559d38cfb46dea7939bdahttps://github.com/sulu/sulu/commit/eeacd14b6cf55f710084788140d40ebb00314b29https://github.com/sulu/sulu/security/advisories/GHSA-6784-9c82-vr85