CVE-2024-47618

Sulu is a PHP content management system. Sulu is vulnerable against XSS whereas a low privileged user with access to the “Media” section can upload an SVG file with a malicious payload. Once uploaded and accessed, the malicious javascript will be executed on the victims’ (other users including admins) browsers. This issue is fixed in 2.6.5.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/sulu/sulu/commit/ca72f75eebe41ea7726624d8aea7da6c425f1eb9	Patch
https://github.com/sulu/sulu/security/advisories/GHSA-255w-87rh-rg44	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sulu:sulu::::::::
	cpe:2.3:a:sulu:sulu:2.0.0:-::::::
	cpe:2.3:a:sulu:sulu:2.0.0:rc1::::::
	cpe:2.3:a:sulu:sulu:2.0.0:rc2::::::
	cpe:2.3:a:sulu:sulu:2.0.0:rc3::::::

History

No history.

Information

Published : 2024-10-03 15:15

Updated : 2024-10-08 14:31

NVD link : CVE-2024-47618

Mitre link : CVE-2024-47618

CVE.ORG link : CVE-2024-47618

JSON object : View

Products Affected

sulu

sulu

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2024-47618", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 5.1, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "LOW", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "LOW", "vulnerableSystemConfidentiality": "NONE", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-10-03T15:15:15.147", "references": [{"url": "https://github.com/sulu/sulu/commit/ca72f75eebe41ea7726624d8aea7da6c425f1eb9", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/sulu/sulu/security/advisories/GHSA-255w-87rh-rg44", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Sulu is a PHP content management system. Sulu is vulnerable against XSS whereas a low privileged user with access to the \u201cMedia\u201d section can upload an SVG file with a malicious payload. Once uploaded and accessed, the malicious javascript will be executed on the victims\u2019 (other users including admins) browsers. This issue is fixed in 2.6.5."}, {"lang": "es", "value": "Sulu es un sistema de gesti\u00f3n de contenido PHP. Sulu es vulnerable a XSS, ya que un usuario con pocos privilegios y acceso a la secci\u00f3n \u201cMedios\u201d puede cargar un archivo SVG con una carga maliciosa. Una vez cargado y accedido, el c\u00f3digo JavaScript malicioso se ejecutar\u00e1 en los navegadores de las v\u00edctimas (otros usuarios, incluidos los administradores). Este problema se solucion\u00f3 en la versi\u00f3n 2.6.5."}], "lastModified": "2024-10-08T14:31:08.180", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B65140D-3A0E-4E34-8E65-36936BF03195", "versionEndExcluding": "2.6.5", "versionStartExcluding": "2.0.0"}, {"criteria": "cpe:2.3:a:sulu:sulu:2.0.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22FC3A80-4377-439B-93A6-8FF2EB7BA9F0"}, {"criteria": "cpe:2.3:a:sulu:sulu:2.0.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "712ADF94-5F2D-4347-B6E8-704FBBF097DF"}, {"criteria": "cpe:2.3:a:sulu:sulu:2.0.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BD27DD5-D0BB-40A9-AFD7-881B66E54D2B"}, {"criteria": "cpe:2.3:a:sulu:sulu:2.0.0:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8043D82-A8C5-4927-B605-C72D6947A5AB"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}