PT-2024-32677 · Sulu · Sulu

Wachterjohannes · Published 2024-10-03 · Updated 2024-10-08 · CVE-2024-47618

CVSS v3.1 5.4 Medium
Vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Sulu versions 2.0.0 through 2.6.4

Description
Sulu, a PHP content management system, is vulnerable to stored cross-site scripting (XSS). A low-privileged user with access to the "Media" section can upload an SVG file that embeds JavaScript (in general, an SVG can carry a <script> element, an on* event-handler attribute, or a javascript: href). Once the file is uploaded and opened by another user, the embedded JavaScript runs in that user's browser; the victims include other users and administrators. SVG script executes only when the file is rendered as a document (opened directly or embedded via <iframe>/<object>), not when it is displayed through an <img> tag, so the exposure depends on how the uploaded file is served and linked.

Recommendations
For Sulu versions 2.0.0 through 2.6.4, upgrade to version 2.6.5, which fixes the issue. As a temporary workaround, restrict access to the "Media" section so that low-privileged users cannot upload SVG files, and avoid opening SVG files uploaded by low-privileged users until the upgrade is done. Restricting uploads does not remove files that were uploaded before the restriction, so review existing SVG media as well.
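As an added example, not Sulu's own code and not the fix shipped in 2.6.5, the following Python script shows the kind of stand-alone check that flags SVG uploads carrying active content (Sulu itself is PHP; Python is used here so the check runs on its own). It parses the upload as XML and reports <script>/<foreignObject>-style elements, on* event-handler attributes, and URL attributes whose scheme is javascript: or an HTML data: URL, including schemes split by whitespace. The sample SVG uploads are constructed for the example, not files from the advisory.

```python
# Added example, not Sulu's own code and not the 2.6.5 fix: a stand-alone check that
# flags SVG uploads carrying active content of the kind a stored-XSS SVG relies on.
import re
import xml.etree.ElementTree as ET

# Elements that execute script or embed arbitrary HTML/documents inside an SVG.
ACTIVE_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object"}
# Attributes that take a URL (href, xlink:href, SMIL animation targets); a
# javascript: or HTML data: value in any of them is a payload.
URL_ATTRIBUTES = {"href", "to", "from", "by", "values"}
DANGEROUS_SCHEMES = ("javascript:", "vbscript:", "data:text/html")


def _local(qname: str) -> str:
    """Drop an XML namespace of the form {uri}name; plain names are unchanged."""
    return qname.rsplit("}", 1)[-1]


def _normalize_url(value: str) -> str:
    """Browsers skip ASCII whitespace and control characters inside a URL scheme,
    so 'java\\nscript:' must match too; strip them before comparing."""
    return re.sub(r"[\s\x00-\x1f]+", "", value).lower()


def find_active_content(svg_bytes: bytes) -> list[str]:
    """Return human-readable findings; an empty list means no active content was seen.
    A file that is not well-formed XML is reported as a finding rather than accepted."""
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return [f"unparseable XML: {exc}"]

    findings = []
    for elem in root.iter():  # document order
        name = _local(elem.tag)
        if name in ACTIVE_ELEMENTS:
            findings.append(f"<{name}> element")
        for qattr, value in elem.attrib.items():
            attr = _local(qattr)
            if attr.lower().startswith("on"):
                findings.append(f"event handler {attr}= on <{name}>")
            elif attr in URL_ATTRIBUTES and any(
                _normalize_url(part).startswith(DANGEROUS_SCHEMES)
                for part in value.split(";")  # SMIL 'values' is a ';'-separated list
            ):
                findings.append(f"{attr}= with active URL on <{name}>")
    return findings


def is_safe_svg(svg_bytes: bytes) -> bool:
    """True when the upload can be stored as-is; False means reject or sanitize."""
    return not find_active_content(svg_bytes)


# Constructed sample uploads for the example (not files from the advisory).
BENIGN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="10"/></svg>'
SCRIPT_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg">'
              b'<script>alert(document.domain)</script></svg>')
ONLOAD_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)">'
              b'<rect width="1" height="1"/></svg>')
HREF_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" '
            b'xmlns:xlink="http://www.w3.org/1999/xlink">'
            b'<a xlink:href="java\nscript:alert(1)"><text>click</text></a></svg>')
FOREIGN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg"><foreignObject>'
               b'<body xmlns="http://www.w3.org/1999/xhtml"><script>alert(1)</script>'
               b'</body></foreignObject></svg>')

if __name__ == "__main__":
    for label, data in [("benign", BENIGN_SVG), ("script", SCRIPT_SVG),
                        ("onload", ONLOAD_SVG), ("href", HREF_SVG),
                        ("foreignObject", FOREIGN_SVG)]:
        print(f"{label:14} safe={is_safe_svg(data)!s:5} {find_active_content(data)}")
```

The check is a blocklist over the parsed SVG tree, so treat it as a triage aid for a given upload rather than a sanitizer: on a positive result, reject the file or pass it through an allowlist-based SVG sanitizer. Independently of the upgrade, serving user-uploaded SVGs with Content-Disposition: attachment stops a browser from rendering them as a document, which is the condition under which their script runs.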

Weakness Enumeration

XSS

Related Identifiers

CVE-2024-47618
GHSA-255W-87RH-RG44

Affected Products

Sulu