Search criteria
32 vulnerabilities found for sulu by sulu
CVE-2025-47778 (GCVE-0-2025-47778)
Vulnerability from cvelistv5 – Published: 2025-05-14 15:29 – Updated: 2025-05-14 18:13
VLAI?
Title
Sulu vulnerable to XXE in SVG File upload Inspector
Summary
Sulu is an open-source PHP content management system based on the Symfony framework. Starting in versions 2.5.21, 2.6.5, and 3.0.0-alpha1, an admin user can upload SVG which may load external data via XML DOM library. This can be used for insecure XML External Entity References. The problem has been patched in versions 2.6.9, 2.5.25, and 3.0.0-alpha3. As a workaround, one may patch the effect file `src/Sulu/Bundle/MediaBundle/FileInspector/SvgFileInspector.php` manually.
Severity ?
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47778",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-14T18:13:08.671516Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T18:13:14.564Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "sulu",
"vendor": "sulu",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.5.21, \u003c 2.5.25"
},
{
"status": "affected",
"version": "\u003e= 2.6.5, \u003c 2.6.9"
},
{
"status": "affected",
"version": "\u003e= 3.0.0-alpha1, \u003c 3.0.0-alpha3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sulu is an open-source PHP content management system based on the Symfony framework. Starting in versions 2.5.21, 2.6.5, and 3.0.0-alpha1, an admin user can upload SVG which may load external data via XML DOM library. This can be used for insecure XML External Entity References. The problem has been patched in versions 2.6.9, 2.5.25, and 3.0.0-alpha3. As a workaround, one may patch the effect file `src/Sulu/Bundle/MediaBundle/FileInspector/SvgFileInspector.php` manually."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611: Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T15:29:08.187Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/sulu/sulu/security/advisories/GHSA-f6rx-hf55-4255",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-f6rx-hf55-4255"
},
{
"name": "https://github.com/sulu/sulu/commit/02f52fca04eb9495b9b4a0c5cc64cf23bc27f544",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sulu/sulu/commit/02f52fca04eb9495b9b4a0c5cc64cf23bc27f544"
},
{
"name": "https://github.com/sulu/sulu/blob/2.6/src/Sulu/Bundle/MediaBundle/FileInspector/SvgFileInspector.php",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sulu/sulu/blob/2.6/src/Sulu/Bundle/MediaBundle/FileInspector/SvgFileInspector.php"
}
],
"source": {
"advisory": "GHSA-f6rx-hf55-4255",
"discovery": "UNKNOWN"
},
"title": "Sulu vulnerable to XXE in SVG File upload Inspector"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-47778",
"datePublished": "2025-05-14T15:29:08.187Z",
"dateReserved": "2025-05-09T19:49:35.620Z",
"dateUpdated": "2025-05-14T18:13:14.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47617 (GCVE-0-2024-47617)
Vulnerability from cvelistv5 – Published: 2024-10-03 14:24 – Updated: 2024-10-08 13:33
VLAI?
Title
Reflected XSS Vulnerability in Sulu Media Bundle
Summary
Sulu is a PHP content management system. This vulnerability allows an attacker to inject arbitrary HTML/JavaScript code through the media download URL in Sulu CMS. It affects the SuluMediaBundle component. The vulnerability is a Reflected Cross-Site Scripting (XSS) issue, which could potentially allow attackers to steal sensitive information, manipulate the website's content, or perform actions on behalf of the victim. This vulnerability is fixed in 2.6.5 and 2.5.21.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47617",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T14:38:49.459437Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T13:33:43.219Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "sulu",
"vendor": "sulu",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.6.4, \u003c 2.6.5"
},
{
"status": "affected",
"version": "\u003e= 2.5.20, \u003c 2.5.21"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sulu is a PHP content management system. This vulnerability allows an attacker to inject arbitrary HTML/JavaScript code through the media download URL in Sulu CMS. It affects the SuluMediaBundle component. The vulnerability is a Reflected Cross-Site Scripting (XSS) issue, which could potentially allow attackers to steal sensitive information, manipulate the website\u0027s content, or perform actions on behalf of the victim. This vulnerability is fixed in 2.6.5 and 2.5.21."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T14:24:44.300Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/sulu/sulu/security/advisories/GHSA-6784-9c82-vr85",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-6784-9c82-vr85"
},
{
"name": "https://github.com/sulu/sulu/commit/a5a5ae555d282e88ff8559d38cfb46dea7939bda",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sulu/sulu/commit/a5a5ae555d282e88ff8559d38cfb46dea7939bda"
},
{
"name": "https://github.com/sulu/sulu/commit/eeacd14b6cf55f710084788140d40ebb00314b29",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sulu/sulu/commit/eeacd14b6cf55f710084788140d40ebb00314b29"
}
],
"source": {
"advisory": "GHSA-6784-9c82-vr85",
"discovery": "UNKNOWN"
},
"title": "Reflected XSS Vulnerability in Sulu Media Bundle"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47617",
"datePublished": "2024-10-03T14:24:44.300Z",
"dateReserved": "2024-09-27T20:37:22.121Z",
"dateUpdated": "2024-10-08T13:33:43.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47618 (GCVE-0-2024-47618)
Vulnerability from cvelistv5 – Published: 2024-10-03 14:18 – Updated: 2024-10-18 14:42
VLAI?
Title
Sulu vulnerable to XSS via uploaded SVG
Summary
Sulu is a PHP content management system. Sulu is vulnerable against XSS whereas a low privileged user with access to the “Media” section can upload an SVG file with a malicious payload. Once uploaded and accessed, the malicious javascript will be executed on the victims’ (other users including admins) browsers. This issue is fixed in 2.6.5.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47618",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T13:20:32.450553Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T13:34:22.787Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "sulu",
"vendor": "sulu",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0-RC1, \u003c 2.5.21"
},
{
"status": "affected",
"version": "\u003e= 2.6.0-RC1, \u003c 2.6.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sulu is a PHP content management system. Sulu is vulnerable against XSS whereas a low privileged user with access to the \u201cMedia\u201d section can upload an SVG file with a malicious payload. Once uploaded and accessed, the malicious javascript will be executed on the victims\u2019 (other users including admins) browsers. This issue is fixed in 2.6.5."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T14:42:45.592Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/sulu/sulu/security/advisories/GHSA-255w-87rh-rg44",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-255w-87rh-rg44"
},
{
"name": "https://github.com/sulu/sulu/commit/ca72f75eebe41ea7726624d8aea7da6c425f1eb9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sulu/sulu/commit/ca72f75eebe41ea7726624d8aea7da6c425f1eb9"
}
],
"source": {
"advisory": "GHSA-255w-87rh-rg44",
"discovery": "UNKNOWN"
},
"title": "Sulu vulnerable to XSS via uploaded SVG"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47618",
"datePublished": "2024-10-03T14:18:02.129Z",
"dateReserved": "2024-09-27T20:37:22.121Z",
"dateUpdated": "2024-10-18T14:42:45.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27915 (GCVE-0-2024-27915)
Vulnerability from cvelistv5 – Published: 2024-03-06 19:33 – Updated: 2025-04-16 15:54
VLAI?
Title
Sulu grants access to pages regardless of role permissions
Summary
Sulu is a PHP content management system. Starting in verson 2.2.0 and prior to version 2.4.17 and 2.5.13, access to pages is granted regardless of role permissions for webspaces which have a security system configured and permission check enabled. Webspaces without do not have this issue. The problem is patched in versions 2.4.17 and 2.5.13. Some workarounds are available. One may apply the patch to `vendor/symfony/security-http/HttpUtils.php` manually or avoid installing `symfony/security-http` versions greater equal than `v5.4.30` or `v6.3.6`.
Severity ?
6.8 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sulu",
"vendor": "sulu",
"versions": [
{
"lessThan": "2.4.17",
"status": "affected",
"version": "2.2.0",
"versionType": "custom"
},
{
"lessThan": "2.5.13",
"status": "affected",
"version": "2.5.0-alpha1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27915",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-07T16:35:44.612681Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T15:54:40.497Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:41:55.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/sulu/sulu/security/advisories/GHSA-jr83-m233-gg6p",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-jr83-m233-gg6p"
},
{
"name": "https://github.com/sulu/sulu/commit/ec9c3f99e15336dc4f6877f512300f231c17c6da",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sulu/sulu/commit/ec9c3f99e15336dc4f6877f512300f231c17c6da"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "sulu",
"vendor": "sulu",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.2.0, \u003c 2.4.17"
},
{
"status": "affected",
"version": "\u003e= 2.5.0-alpha1, \u003c 2.5.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sulu is a PHP content management system. Starting in verson 2.2.0 and prior to version 2.4.17 and 2.5.13, access to pages is granted regardless of role permissions for webspaces which have a security system configured and permission check enabled. Webspaces without do not have this issue. The problem is patched in versions 2.4.17 and 2.5.13. Some workarounds are available. One may apply the patch to `vendor/symfony/security-http/HttpUtils.php` manually or avoid installing `symfony/security-http` versions greater equal than `v5.4.30` or `v6.3.6`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-06T19:33:11.798Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/sulu/sulu/security/advisories/GHSA-jr83-m233-gg6p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-jr83-m233-gg6p"
},
{
"name": "https://github.com/sulu/sulu/commit/ec9c3f99e15336dc4f6877f512300f231c17c6da",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sulu/sulu/commit/ec9c3f99e15336dc4f6877f512300f231c17c6da"
}
],
"source": {
"advisory": "GHSA-jr83-m233-gg6p",
"discovery": "UNKNOWN"
},
"title": "Sulu grants access to pages regardless of role permissions"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-27915",
"datePublished": "2024-03-06T19:33:11.798Z",
"dateReserved": "2024-02-28T15:14:14.213Z",
"dateUpdated": "2025-04-16T15:54:40.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24807 (GCVE-0-2024-24807)
Vulnerability from cvelistv5 – Published: 2024-02-05 20:09 – Updated: 2024-08-01 23:28
VLAI?
Title
Sulu is vulnerable to HTML Injection via Autocomplete Suggestion
Summary
Sulu is a highly extensible open-source PHP content management system based on the Symfony framework. There is an issue when inputting HTML into the Tag name. The HTML is executed when the tag name is listed in the auto complete form. Only admin users can create tags so they are the only ones affected. The problem is patched with version(s) 2.4.16 and 2.5.12.
Severity ?
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sulu:sulu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sulu",
"vendor": "sulu",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:sulu:sulu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sulu",
"vendor": "sulu",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24807",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-06T19:25:07.228689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:43:18.721Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:12.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/sulu/sulu/security/advisories/GHSA-gfrh-gwqc-63cv",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-gfrh-gwqc-63cv"
},
{
"name": "https://github.com/sulu/sulu/releases/tag/2.4.16",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sulu/sulu/releases/tag/2.4.16"
},
{
"name": "https://github.com/sulu/sulu/releases/tag/2.5.12",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sulu/sulu/releases/tag/2.5.12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "sulu",
"vendor": "sulu",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.4.16"
},
{
"status": "affected",
"version": "\u003e= 2.5.0, \u003c 2.5.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sulu is a highly extensible open-source PHP content management system based on the Symfony framework. There is an issue when inputting HTML into the Tag name. The HTML is executed when the tag name is listed in the auto complete form. Only admin users can create tags so they are the only ones affected. The problem is patched with version(s) 2.4.16 and 2.5.12."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-05T20:09:36.891Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/sulu/sulu/security/advisories/GHSA-gfrh-gwqc-63cv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-gfrh-gwqc-63cv"
},
{
"name": "https://github.com/sulu/sulu/releases/tag/2.4.16",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sulu/sulu/releases/tag/2.4.16"
},
{
"name": "https://github.com/sulu/sulu/releases/tag/2.5.12",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sulu/sulu/releases/tag/2.5.12"
}
],
"source": {
"advisory": "GHSA-gfrh-gwqc-63cv",
"discovery": "UNKNOWN"
},
"title": "Sulu is vulnerable to HTML Injection via Autocomplete Suggestion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-24807",
"datePublished": "2024-02-05T20:09:36.891Z",
"dateReserved": "2024-01-31T16:28:17.941Z",
"dateUpdated": "2024-08-01T23:28:12.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39343 (GCVE-0-2023-39343)
Vulnerability from cvelistv5 – Published: 2023-08-04 00:06 – Updated: 2024-10-03 18:21
VLAI?
Title
Sulu Observable Response Discrepancy on Admin Login
Summary
Sulu is an open-source PHP content management system based on the Symfony framework. It allows over the Admin Login form to detect which user (username, email) exists and which one do not exist. Sulu Installation not using the old Symfony 5.4 security System and previous version are not impacted by this Security issue. The vulnerability has been patched in version 2.5.10.
Severity ?
4.3 (Medium)
CWE
- CWE-204 - Observable Response Discrepancy
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/sulu/sulu/security/advisories/GHSA-wmwf-49vv-p3mr",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-wmwf-49vv-p3mr"
},
{
"name": "https://github.com/sulu/sulu/commit/5f6c98ba030b2005793e2dc647cc938937ea889b",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sulu/sulu/commit/5f6c98ba030b2005793e2dc647cc938937ea889b"
},
{
"name": "https://github.com/sulu/sulu/releases/tag/2.5.10",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sulu/sulu/releases/tag/2.5.10"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39343",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T18:21:36.480062Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T18:21:46.144Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "sulu",
"vendor": "sulu",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.5.0, \u003c 2.5.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sulu is an open-source PHP content management system based on the Symfony framework. It allows over the Admin Login form to detect which user (username, email) exists and which one do not exist. Sulu Installation not using the old Symfony 5.4 security System and previous version are not impacted by this Security issue. The vulnerability has been patched in version 2.5.10. \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204: Observable Response Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-04T00:06:29.997Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/sulu/sulu/security/advisories/GHSA-wmwf-49vv-p3mr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-wmwf-49vv-p3mr"
},
{
"name": "https://github.com/sulu/sulu/commit/5f6c98ba030b2005793e2dc647cc938937ea889b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sulu/sulu/commit/5f6c98ba030b2005793e2dc647cc938937ea889b"
},
{
"name": "https://github.com/sulu/sulu/releases/tag/2.5.10",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sulu/sulu/releases/tag/2.5.10"
}
],
"source": {
"advisory": "GHSA-wmwf-49vv-p3mr",
"discovery": "UNKNOWN"
},
"title": "Sulu Observable Response Discrepancy on Admin Login"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-39343",
"datePublished": "2023-08-04T00:06:29.997Z",
"dateReserved": "2023-07-28T13:26:46.476Z",
"dateUpdated": "2024-10-03T18:21:46.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43836 (GCVE-0-2021-43836)
Vulnerability from cvelistv5 – Published: 2021-12-15 20:10 – Updated: 2024-08-04 04:10
VLAI?
Title
PHP file inclusion in the Sulu admin panel
Summary
Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions an attacker can read arbitrary local files via a PHP file include. In a default configuration this also leads to remote code execution. The problem is patched with the Versions 1.6.44, 2.2.18, 2.3.8, 2.4.0. For users unable to upgrade overwrite the service `sulu_route.generator.expression_token_provider` and wrap the translator before passing it to the expression language.
Severity ?
8.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:16.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-vx6j-pjrh-vgjh"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sulu/sulu/commit/9c948f9ce350c68b53af8c3910e2cefc7f722b54"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "sulu",
"vendor": "sulu",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.44"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.2.18"
},
{
"status": "affected",
"version": "\u003e= 2.3.0, \u003c 2.3.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions an attacker can read arbitrary local files via a PHP file include. In a default configuration this also leads to remote code execution. The problem is patched with the Versions 1.6.44, 2.2.18, 2.3.8, 2.4.0. For users unable to upgrade overwrite the service `sulu_route.generator.expression_token_provider` and wrap the translator before passing it to the expression language."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-15T20:10:09",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-vx6j-pjrh-vgjh"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sulu/sulu/commit/9c948f9ce350c68b53af8c3910e2cefc7f722b54"
}
],
"source": {
"advisory": "GHSA-vx6j-pjrh-vgjh",
"discovery": "UNKNOWN"
},
"title": "PHP file inclusion in the Sulu admin panel",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43836",
"STATE": "PUBLIC",
"TITLE": "PHP file inclusion in the Sulu admin panel"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "sulu",
"version": {
"version_data": [
{
"version_value": "\u003c 1.6.44"
},
{
"version_value": "\u003e= 2.0.0, \u003c 2.2.18"
},
{
"version_value": "\u003e= 2.3.0, \u003c 2.3.8"
}
]
}
}
]
},
"vendor_name": "sulu"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions an attacker can read arbitrary local files via a PHP file include. In a default configuration this also leads to remote code execution. The problem is patched with the Versions 1.6.44, 2.2.18, 2.3.8, 2.4.0. For users unable to upgrade overwrite the service `sulu_route.generator.expression_token_provider` and wrap the translator before passing it to the expression language."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sulu/sulu/security/advisories/GHSA-vx6j-pjrh-vgjh",
"refsource": "CONFIRM",
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-vx6j-pjrh-vgjh"
},
{
"name": "https://github.com/sulu/sulu/commit/9c948f9ce350c68b53af8c3910e2cefc7f722b54",
"refsource": "MISC",
"url": "https://github.com/sulu/sulu/commit/9c948f9ce350c68b53af8c3910e2cefc7f722b54"
}
]
},
"source": {
"advisory": "GHSA-vx6j-pjrh-vgjh",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43836",
"datePublished": "2021-12-15T20:10:10",
"dateReserved": "2021-11-16T00:00:00",
"dateUpdated": "2024-08-04T04:10:16.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43835 (GCVE-0-2021-43835)
Vulnerability from cvelistv5 – Published: 2021-12-15 20:00 – Updated: 2024-08-04 04:10
VLAI?
Title
Privilege escalation in the Sulu Admin panel
Summary
Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions Sulu users who have access to any subset of the admin UI are able to elevate their privilege. Over the API it was possible for them to give themselves permissions to areas which they did not already had. This issue was introduced in 2.0.0-RC1 with the new ProfileController putAction. The versions have been patched in 2.2.18, 2.3.8 and 2.4.0. For users unable to upgrade the only known workaround is to apply a patch to the ProfileController manually.
Severity ?
7.2 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:15.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-84px-q68r-2fc9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sulu/sulu/commit/30bf8b5a4f83b6f2171a696011757d095edaa28a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "sulu",
"vendor": "sulu",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.2.18"
},
{
"status": "affected",
"version": "\u003e= 2.3.0, \u003c 2.3.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions Sulu users who have access to any subset of the admin UI are able to elevate their privilege. Over the API it was possible for them to give themselves permissions to areas which they did not already had. This issue was introduced in 2.0.0-RC1 with the new ProfileController putAction. The versions have been patched in 2.2.18, 2.3.8 and 2.4.0. For users unable to upgrade the only known workaround is to apply a patch to the ProfileController manually."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-15T20:00:16",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-84px-q68r-2fc9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sulu/sulu/commit/30bf8b5a4f83b6f2171a696011757d095edaa28a"
}
],
"source": {
"advisory": "GHSA-84px-q68r-2fc9",
"discovery": "UNKNOWN"
},
"title": "Privilege escalation in the Sulu Admin panel",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43835",
"STATE": "PUBLIC",
"TITLE": "Privilege escalation in the Sulu Admin panel"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "sulu",
"version": {
"version_data": [
{
"version_value": "\u003e= 2.0.0, \u003c 2.2.18"
},
{
"version_value": "\u003e= 2.3.0, \u003c 2.3.8"
}
]
}
}
]
},
"vendor_name": "sulu"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions Sulu users who have access to any subset of the admin UI are able to elevate their privilege. Over the API it was possible for them to give themselves permissions to areas which they did not already had. This issue was introduced in 2.0.0-RC1 with the new ProfileController putAction. The versions have been patched in 2.2.18, 2.3.8 and 2.4.0. For users unable to upgrade the only known workaround is to apply a patch to the ProfileController manually."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sulu/sulu/security/advisories/GHSA-84px-q68r-2fc9",
"refsource": "CONFIRM",
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-84px-q68r-2fc9"
},
{
"name": "https://github.com/sulu/sulu/commit/30bf8b5a4f83b6f2171a696011757d095edaa28a",
"refsource": "MISC",
"url": "https://github.com/sulu/sulu/commit/30bf8b5a4f83b6f2171a696011757d095edaa28a"
}
]
},
"source": {
"advisory": "GHSA-84px-q68r-2fc9",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43835",
"datePublished": "2021-12-15T20:00:16",
"dateReserved": "2021-11-16T00:00:00",
"dateUpdated": "2024-08-04T04:10:15.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41169 (GCVE-0-2021-41169)
Vulnerability from cvelistv5 – Published: 2021-10-21 20:25 – Updated: 2024-08-04 02:59
VLAI?
Title
Improper Neutralization HTML tags in sulu/sulu
Summary
Sulu is an open-source PHP content management system based on the Symfony framework. In versions before 1.6.43 are subject to stored cross site scripting attacks. HTML input into Tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade.
Severity ?
6.2 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:59:31.756Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-h58v-g3q6-q9fx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sulu/sulu/commit/20007ac70a3af3c9e53a6acb0ef8794b65642445"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "sulu",
"vendor": "sulu",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.43"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sulu is an open-source PHP content management system based on the Symfony framework. In versions before 1.6.43 are subject to stored cross site scripting attacks. HTML input into Tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-21T20:25:10",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-h58v-g3q6-q9fx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sulu/sulu/commit/20007ac70a3af3c9e53a6acb0ef8794b65642445"
}
],
"source": {
"advisory": "GHSA-h58v-g3q6-q9fx",
"discovery": "UNKNOWN"
},
"title": "Improper Neutralization HTML tags in sulu/sulu",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-41169",
"STATE": "PUBLIC",
"TITLE": "Improper Neutralization HTML tags in sulu/sulu"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "sulu",
"version": {
"version_data": [
{
"version_value": "\u003c 1.6.43"
}
]
}
}
]
},
"vendor_name": "sulu"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sulu is an open-source PHP content management system based on the Symfony framework. In versions before 1.6.43 are subject to stored cross site scripting attacks. HTML input into Tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sulu/sulu/security/advisories/GHSA-h58v-g3q6-q9fx",
"refsource": "CONFIRM",
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-h58v-g3q6-q9fx"
},
{
"name": "https://github.com/sulu/sulu/commit/20007ac70a3af3c9e53a6acb0ef8794b65642445",
"refsource": "MISC",
"url": "https://github.com/sulu/sulu/commit/20007ac70a3af3c9e53a6acb0ef8794b65642445"
}
]
},
"source": {
"advisory": "GHSA-h58v-g3q6-q9fx",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-41169",
"datePublished": "2021-10-21T20:25:10",
"dateReserved": "2021-09-15T00:00:00",
"dateUpdated": "2024-08-04T02:59:31.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32737 (GCVE-0-2021-32737)
Vulnerability from cvelistv5 – Published: 2021-07-02 17:55 – Updated: 2024-08-03 23:33
VLAI?
Title
XSS Injection in Media Collection Title was possible
Summary
Sulu is an open-source PHP content management system based on the Symfony framework. In versions of Sulu prior to 1.6.41, it is possible for a logged in admin user to add a script injection (cross-site-scripting) in the collection title. The problem is patched in version 1.6.41. As a workaround, one may manually patch the affected JavaScript files in lieu of updating.
Severity ?
8.4 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:55.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-gm2x-6475-g9r8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sulu/sulu/releases/tag/1.6.41"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "sulu",
"vendor": "sulu",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.41"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sulu is an open-source PHP content management system based on the Symfony framework. In versions of Sulu prior to 1.6.41, it is possible for a logged in admin user to add a script injection (cross-site-scripting) in the collection title. The problem is patched in version 1.6.41. As a workaround, one may manually patch the affected JavaScript files in lieu of updating."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-02T17:55:09",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-gm2x-6475-g9r8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sulu/sulu/releases/tag/1.6.41"
}
],
"source": {
"advisory": "GHSA-gm2x-6475-g9r8",
"discovery": "UNKNOWN"
},
"title": "XSS Injection in Media Collection Title was possible",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32737",
"STATE": "PUBLIC",
"TITLE": "XSS Injection in Media Collection Title was possible"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "sulu",
"version": {
"version_data": [
{
"version_value": "\u003c 1.6.41"
}
]
}
}
]
},
"vendor_name": "sulu"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sulu is an open-source PHP content management system based on the Symfony framework. In versions of Sulu prior to 1.6.41, it is possible for a logged in admin user to add a script injection (cross-site-scripting) in the collection title. The problem is patched in version 1.6.41. As a workaround, one may manually patch the affected JavaScript files in lieu of updating."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sulu/sulu/security/advisories/GHSA-gm2x-6475-g9r8",
"refsource": "CONFIRM",
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-gm2x-6475-g9r8"
},
{
"name": "https://github.com/sulu/sulu/releases/tag/1.6.41",
"refsource": "MISC",
"url": "https://github.com/sulu/sulu/releases/tag/1.6.41"
}
]
},
"source": {
"advisory": "GHSA-gm2x-6475-g9r8",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32737",
"datePublished": "2021-07-02T17:55:09",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:33:55.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-47778 (GCVE-0-2025-47778)
Vulnerability from nvd – Published: 2025-05-14 15:29 – Updated: 2025-05-14 18:13
VLAI?
Title
Sulu vulnerable to XXE in SVG File upload Inspector
Summary
Sulu is an open-source PHP content management system based on the Symfony framework. Starting in versions 2.5.21, 2.6.5, and 3.0.0-alpha1, an admin user can upload SVG which may load external data via XML DOM library. This can be used for insecure XML External Entity References. The problem has been patched in versions 2.6.9, 2.5.25, and 3.0.0-alpha3. As a workaround, one may patch the effect file `src/Sulu/Bundle/MediaBundle/FileInspector/SvgFileInspector.php` manually.
Severity ?
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47778",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-14T18:13:08.671516Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T18:13:14.564Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "sulu",
"vendor": "sulu",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.5.21, \u003c 2.5.25"
},
{
"status": "affected",
"version": "\u003e= 2.6.5, \u003c 2.6.9"
},
{
"status": "affected",
"version": "\u003e= 3.0.0-alpha1, \u003c 3.0.0-alpha3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sulu is an open-source PHP content management system based on the Symfony framework. Starting in versions 2.5.21, 2.6.5, and 3.0.0-alpha1, an admin user can upload SVG which may load external data via XML DOM library. This can be used for insecure XML External Entity References. The problem has been patched in versions 2.6.9, 2.5.25, and 3.0.0-alpha3. As a workaround, one may patch the effect file `src/Sulu/Bundle/MediaBundle/FileInspector/SvgFileInspector.php` manually."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611: Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T15:29:08.187Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/sulu/sulu/security/advisories/GHSA-f6rx-hf55-4255",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-f6rx-hf55-4255"
},
{
"name": "https://github.com/sulu/sulu/commit/02f52fca04eb9495b9b4a0c5cc64cf23bc27f544",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sulu/sulu/commit/02f52fca04eb9495b9b4a0c5cc64cf23bc27f544"
},
{
"name": "https://github.com/sulu/sulu/blob/2.6/src/Sulu/Bundle/MediaBundle/FileInspector/SvgFileInspector.php",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sulu/sulu/blob/2.6/src/Sulu/Bundle/MediaBundle/FileInspector/SvgFileInspector.php"
}
],
"source": {
"advisory": "GHSA-f6rx-hf55-4255",
"discovery": "UNKNOWN"
},
"title": "Sulu vulnerable to XXE in SVG File upload Inspector"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-47778",
"datePublished": "2025-05-14T15:29:08.187Z",
"dateReserved": "2025-05-09T19:49:35.620Z",
"dateUpdated": "2025-05-14T18:13:14.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47617 (GCVE-0-2024-47617)
Vulnerability from nvd – Published: 2024-10-03 14:24 – Updated: 2024-10-08 13:33
VLAI?
Title
Reflected XSS Vulnerability in Sulu Media Bundle
Summary
Sulu is a PHP content management system. This vulnerability allows an attacker to inject arbitrary HTML/JavaScript code through the media download URL in Sulu CMS. It affects the SuluMediaBundle component. The vulnerability is a Reflected Cross-Site Scripting (XSS) issue, which could potentially allow attackers to steal sensitive information, manipulate the website's content, or perform actions on behalf of the victim. This vulnerability is fixed in 2.6.5 and 2.5.21.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47617",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T14:38:49.459437Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T13:33:43.219Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "sulu",
"vendor": "sulu",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.6.4, \u003c 2.6.5"
},
{
"status": "affected",
"version": "\u003e= 2.5.20, \u003c 2.5.21"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sulu is a PHP content management system. This vulnerability allows an attacker to inject arbitrary HTML/JavaScript code through the media download URL in Sulu CMS. It affects the SuluMediaBundle component. The vulnerability is a Reflected Cross-Site Scripting (XSS) issue, which could potentially allow attackers to steal sensitive information, manipulate the website\u0027s content, or perform actions on behalf of the victim. This vulnerability is fixed in 2.6.5 and 2.5.21."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T14:24:44.300Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/sulu/sulu/security/advisories/GHSA-6784-9c82-vr85",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-6784-9c82-vr85"
},
{
"name": "https://github.com/sulu/sulu/commit/a5a5ae555d282e88ff8559d38cfb46dea7939bda",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sulu/sulu/commit/a5a5ae555d282e88ff8559d38cfb46dea7939bda"
},
{
"name": "https://github.com/sulu/sulu/commit/eeacd14b6cf55f710084788140d40ebb00314b29",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sulu/sulu/commit/eeacd14b6cf55f710084788140d40ebb00314b29"
}
],
"source": {
"advisory": "GHSA-6784-9c82-vr85",
"discovery": "UNKNOWN"
},
"title": "Reflected XSS Vulnerability in Sulu Media Bundle"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47617",
"datePublished": "2024-10-03T14:24:44.300Z",
"dateReserved": "2024-09-27T20:37:22.121Z",
"dateUpdated": "2024-10-08T13:33:43.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47618 (GCVE-0-2024-47618)
Vulnerability from nvd – Published: 2024-10-03 14:18 – Updated: 2024-10-18 14:42
VLAI?
Title
Sulu vulnerable to XSS via uploaded SVG
Summary
Sulu is a PHP content management system. Sulu is vulnerable against XSS whereas a low privileged user with access to the “Media” section can upload an SVG file with a malicious payload. Once uploaded and accessed, the malicious javascript will be executed on the victims’ (other users including admins) browsers. This issue is fixed in 2.6.5.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47618",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T13:20:32.450553Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T13:34:22.787Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "sulu",
"vendor": "sulu",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0-RC1, \u003c 2.5.21"
},
{
"status": "affected",
"version": "\u003e= 2.6.0-RC1, \u003c 2.6.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sulu is a PHP content management system. Sulu is vulnerable against XSS whereas a low privileged user with access to the \u201cMedia\u201d section can upload an SVG file with a malicious payload. Once uploaded and accessed, the malicious javascript will be executed on the victims\u2019 (other users including admins) browsers. This issue is fixed in 2.6.5."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T14:42:45.592Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/sulu/sulu/security/advisories/GHSA-255w-87rh-rg44",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-255w-87rh-rg44"
},
{
"name": "https://github.com/sulu/sulu/commit/ca72f75eebe41ea7726624d8aea7da6c425f1eb9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sulu/sulu/commit/ca72f75eebe41ea7726624d8aea7da6c425f1eb9"
}
],
"source": {
"advisory": "GHSA-255w-87rh-rg44",
"discovery": "UNKNOWN"
},
"title": "Sulu vulnerable to XSS via uploaded SVG"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47618",
"datePublished": "2024-10-03T14:18:02.129Z",
"dateReserved": "2024-09-27T20:37:22.121Z",
"dateUpdated": "2024-10-18T14:42:45.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27915 (GCVE-0-2024-27915)
Vulnerability from nvd – Published: 2024-03-06 19:33 – Updated: 2025-04-16 15:54
VLAI?
Title
Sulu grants access to pages regardless of role permissions
Summary
Sulu is a PHP content management system. Starting in verson 2.2.0 and prior to version 2.4.17 and 2.5.13, access to pages is granted regardless of role permissions for webspaces which have a security system configured and permission check enabled. Webspaces without do not have this issue. The problem is patched in versions 2.4.17 and 2.5.13. Some workarounds are available. One may apply the patch to `vendor/symfony/security-http/HttpUtils.php` manually or avoid installing `symfony/security-http` versions greater equal than `v5.4.30` or `v6.3.6`.
Severity ?
6.8 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sulu",
"vendor": "sulu",
"versions": [
{
"lessThan": "2.4.17",
"status": "affected",
"version": "2.2.0",
"versionType": "custom"
},
{
"lessThan": "2.5.13",
"status": "affected",
"version": "2.5.0-alpha1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27915",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-07T16:35:44.612681Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T15:54:40.497Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:41:55.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/sulu/sulu/security/advisories/GHSA-jr83-m233-gg6p",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-jr83-m233-gg6p"
},
{
"name": "https://github.com/sulu/sulu/commit/ec9c3f99e15336dc4f6877f512300f231c17c6da",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sulu/sulu/commit/ec9c3f99e15336dc4f6877f512300f231c17c6da"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "sulu",
"vendor": "sulu",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.2.0, \u003c 2.4.17"
},
{
"status": "affected",
"version": "\u003e= 2.5.0-alpha1, \u003c 2.5.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sulu is a PHP content management system. Starting in verson 2.2.0 and prior to version 2.4.17 and 2.5.13, access to pages is granted regardless of role permissions for webspaces which have a security system configured and permission check enabled. Webspaces without do not have this issue. The problem is patched in versions 2.4.17 and 2.5.13. Some workarounds are available. One may apply the patch to `vendor/symfony/security-http/HttpUtils.php` manually or avoid installing `symfony/security-http` versions greater equal than `v5.4.30` or `v6.3.6`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-06T19:33:11.798Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/sulu/sulu/security/advisories/GHSA-jr83-m233-gg6p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-jr83-m233-gg6p"
},
{
"name": "https://github.com/sulu/sulu/commit/ec9c3f99e15336dc4f6877f512300f231c17c6da",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sulu/sulu/commit/ec9c3f99e15336dc4f6877f512300f231c17c6da"
}
],
"source": {
"advisory": "GHSA-jr83-m233-gg6p",
"discovery": "UNKNOWN"
},
"title": "Sulu grants access to pages regardless of role permissions"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-27915",
"datePublished": "2024-03-06T19:33:11.798Z",
"dateReserved": "2024-02-28T15:14:14.213Z",
"dateUpdated": "2025-04-16T15:54:40.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24807 (GCVE-0-2024-24807)
Vulnerability from nvd – Published: 2024-02-05 20:09 – Updated: 2024-08-01 23:28
VLAI?
Title
Sulu is vulnerable to HTML Injection via Autocomplete Suggestion
Summary
Sulu is a highly extensible open-source PHP content management system based on the Symfony framework. There is an issue when inputting HTML into the Tag name. The HTML is executed when the tag name is listed in the auto complete form. Only admin users can create tags so they are the only ones affected. The problem is patched with version(s) 2.4.16 and 2.5.12.
Severity ?
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sulu:sulu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sulu",
"vendor": "sulu",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:sulu:sulu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sulu",
"vendor": "sulu",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24807",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-06T19:25:07.228689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:43:18.721Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:12.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/sulu/sulu/security/advisories/GHSA-gfrh-gwqc-63cv",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-gfrh-gwqc-63cv"
},
{
"name": "https://github.com/sulu/sulu/releases/tag/2.4.16",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sulu/sulu/releases/tag/2.4.16"
},
{
"name": "https://github.com/sulu/sulu/releases/tag/2.5.12",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sulu/sulu/releases/tag/2.5.12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "sulu",
"vendor": "sulu",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.4.16"
},
{
"status": "affected",
"version": "\u003e= 2.5.0, \u003c 2.5.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sulu is a highly extensible open-source PHP content management system based on the Symfony framework. There is an issue when inputting HTML into the Tag name. The HTML is executed when the tag name is listed in the auto complete form. Only admin users can create tags so they are the only ones affected. The problem is patched with version(s) 2.4.16 and 2.5.12."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-05T20:09:36.891Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/sulu/sulu/security/advisories/GHSA-gfrh-gwqc-63cv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-gfrh-gwqc-63cv"
},
{
"name": "https://github.com/sulu/sulu/releases/tag/2.4.16",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sulu/sulu/releases/tag/2.4.16"
},
{
"name": "https://github.com/sulu/sulu/releases/tag/2.5.12",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sulu/sulu/releases/tag/2.5.12"
}
],
"source": {
"advisory": "GHSA-gfrh-gwqc-63cv",
"discovery": "UNKNOWN"
},
"title": "Sulu is vulnerable to HTML Injection via Autocomplete Suggestion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-24807",
"datePublished": "2024-02-05T20:09:36.891Z",
"dateReserved": "2024-01-31T16:28:17.941Z",
"dateUpdated": "2024-08-01T23:28:12.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39343 (GCVE-0-2023-39343)
Vulnerability from nvd – Published: 2023-08-04 00:06 – Updated: 2024-10-03 18:21
VLAI?
Title
Sulu Observable Response Discrepancy on Admin Login
Summary
Sulu is an open-source PHP content management system based on the Symfony framework. It allows over the Admin Login form to detect which user (username, email) exists and which one do not exist. Sulu Installation not using the old Symfony 5.4 security System and previous version are not impacted by this Security issue. The vulnerability has been patched in version 2.5.10.
Severity ?
4.3 (Medium)
CWE
- CWE-204 - Observable Response Discrepancy
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/sulu/sulu/security/advisories/GHSA-wmwf-49vv-p3mr",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-wmwf-49vv-p3mr"
},
{
"name": "https://github.com/sulu/sulu/commit/5f6c98ba030b2005793e2dc647cc938937ea889b",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sulu/sulu/commit/5f6c98ba030b2005793e2dc647cc938937ea889b"
},
{
"name": "https://github.com/sulu/sulu/releases/tag/2.5.10",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sulu/sulu/releases/tag/2.5.10"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39343",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T18:21:36.480062Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T18:21:46.144Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "sulu",
"vendor": "sulu",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.5.0, \u003c 2.5.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sulu is an open-source PHP content management system based on the Symfony framework. It allows over the Admin Login form to detect which user (username, email) exists and which one do not exist. Sulu Installation not using the old Symfony 5.4 security System and previous version are not impacted by this Security issue. The vulnerability has been patched in version 2.5.10. \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204: Observable Response Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-04T00:06:29.997Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/sulu/sulu/security/advisories/GHSA-wmwf-49vv-p3mr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-wmwf-49vv-p3mr"
},
{
"name": "https://github.com/sulu/sulu/commit/5f6c98ba030b2005793e2dc647cc938937ea889b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sulu/sulu/commit/5f6c98ba030b2005793e2dc647cc938937ea889b"
},
{
"name": "https://github.com/sulu/sulu/releases/tag/2.5.10",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sulu/sulu/releases/tag/2.5.10"
}
],
"source": {
"advisory": "GHSA-wmwf-49vv-p3mr",
"discovery": "UNKNOWN"
},
"title": "Sulu Observable Response Discrepancy on Admin Login"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-39343",
"datePublished": "2023-08-04T00:06:29.997Z",
"dateReserved": "2023-07-28T13:26:46.476Z",
"dateUpdated": "2024-10-03T18:21:46.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43836 (GCVE-0-2021-43836)
Vulnerability from nvd – Published: 2021-12-15 20:10 – Updated: 2024-08-04 04:10
VLAI?
Title
PHP file inclusion in the Sulu admin panel
Summary
Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions an attacker can read arbitrary local files via a PHP file include. In a default configuration this also leads to remote code execution. The problem is patched with the Versions 1.6.44, 2.2.18, 2.3.8, 2.4.0. For users unable to upgrade overwrite the service `sulu_route.generator.expression_token_provider` and wrap the translator before passing it to the expression language.
Severity ?
8.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:16.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-vx6j-pjrh-vgjh"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sulu/sulu/commit/9c948f9ce350c68b53af8c3910e2cefc7f722b54"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "sulu",
"vendor": "sulu",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.44"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.2.18"
},
{
"status": "affected",
"version": "\u003e= 2.3.0, \u003c 2.3.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions an attacker can read arbitrary local files via a PHP file include. In a default configuration this also leads to remote code execution. The problem is patched with the Versions 1.6.44, 2.2.18, 2.3.8, 2.4.0. For users unable to upgrade overwrite the service `sulu_route.generator.expression_token_provider` and wrap the translator before passing it to the expression language."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-15T20:10:09",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-vx6j-pjrh-vgjh"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sulu/sulu/commit/9c948f9ce350c68b53af8c3910e2cefc7f722b54"
}
],
"source": {
"advisory": "GHSA-vx6j-pjrh-vgjh",
"discovery": "UNKNOWN"
},
"title": "PHP file inclusion in the Sulu admin panel",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43836",
"STATE": "PUBLIC",
"TITLE": "PHP file inclusion in the Sulu admin panel"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "sulu",
"version": {
"version_data": [
{
"version_value": "\u003c 1.6.44"
},
{
"version_value": "\u003e= 2.0.0, \u003c 2.2.18"
},
{
"version_value": "\u003e= 2.3.0, \u003c 2.3.8"
}
]
}
}
]
},
"vendor_name": "sulu"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions an attacker can read arbitrary local files via a PHP file include. In a default configuration this also leads to remote code execution. The problem is patched with the Versions 1.6.44, 2.2.18, 2.3.8, 2.4.0. For users unable to upgrade overwrite the service `sulu_route.generator.expression_token_provider` and wrap the translator before passing it to the expression language."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sulu/sulu/security/advisories/GHSA-vx6j-pjrh-vgjh",
"refsource": "CONFIRM",
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-vx6j-pjrh-vgjh"
},
{
"name": "https://github.com/sulu/sulu/commit/9c948f9ce350c68b53af8c3910e2cefc7f722b54",
"refsource": "MISC",
"url": "https://github.com/sulu/sulu/commit/9c948f9ce350c68b53af8c3910e2cefc7f722b54"
}
]
},
"source": {
"advisory": "GHSA-vx6j-pjrh-vgjh",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43836",
"datePublished": "2021-12-15T20:10:10",
"dateReserved": "2021-11-16T00:00:00",
"dateUpdated": "2024-08-04T04:10:16.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43835 (GCVE-0-2021-43835)
Vulnerability from nvd – Published: 2021-12-15 20:00 – Updated: 2024-08-04 04:10
VLAI?
Title
Privilege escalation in the Sulu Admin panel
Summary
Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions Sulu users who have access to any subset of the admin UI are able to elevate their privilege. Over the API it was possible for them to give themselves permissions to areas which they did not already had. This issue was introduced in 2.0.0-RC1 with the new ProfileController putAction. The versions have been patched in 2.2.18, 2.3.8 and 2.4.0. For users unable to upgrade the only known workaround is to apply a patch to the ProfileController manually.
Severity ?
7.2 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:15.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-84px-q68r-2fc9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sulu/sulu/commit/30bf8b5a4f83b6f2171a696011757d095edaa28a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "sulu",
"vendor": "sulu",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.2.18"
},
{
"status": "affected",
"version": "\u003e= 2.3.0, \u003c 2.3.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions Sulu users who have access to any subset of the admin UI are able to elevate their privilege. Over the API it was possible for them to give themselves permissions to areas which they did not already had. This issue was introduced in 2.0.0-RC1 with the new ProfileController putAction. The versions have been patched in 2.2.18, 2.3.8 and 2.4.0. For users unable to upgrade the only known workaround is to apply a patch to the ProfileController manually."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-15T20:00:16",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-84px-q68r-2fc9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sulu/sulu/commit/30bf8b5a4f83b6f2171a696011757d095edaa28a"
}
],
"source": {
"advisory": "GHSA-84px-q68r-2fc9",
"discovery": "UNKNOWN"
},
"title": "Privilege escalation in the Sulu Admin panel",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43835",
"STATE": "PUBLIC",
"TITLE": "Privilege escalation in the Sulu Admin panel"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "sulu",
"version": {
"version_data": [
{
"version_value": "\u003e= 2.0.0, \u003c 2.2.18"
},
{
"version_value": "\u003e= 2.3.0, \u003c 2.3.8"
}
]
}
}
]
},
"vendor_name": "sulu"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions Sulu users who have access to any subset of the admin UI are able to elevate their privilege. Over the API it was possible for them to give themselves permissions to areas which they did not already had. This issue was introduced in 2.0.0-RC1 with the new ProfileController putAction. The versions have been patched in 2.2.18, 2.3.8 and 2.4.0. For users unable to upgrade the only known workaround is to apply a patch to the ProfileController manually."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sulu/sulu/security/advisories/GHSA-84px-q68r-2fc9",
"refsource": "CONFIRM",
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-84px-q68r-2fc9"
},
{
"name": "https://github.com/sulu/sulu/commit/30bf8b5a4f83b6f2171a696011757d095edaa28a",
"refsource": "MISC",
"url": "https://github.com/sulu/sulu/commit/30bf8b5a4f83b6f2171a696011757d095edaa28a"
}
]
},
"source": {
"advisory": "GHSA-84px-q68r-2fc9",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43835",
"datePublished": "2021-12-15T20:00:16",
"dateReserved": "2021-11-16T00:00:00",
"dateUpdated": "2024-08-04T04:10:15.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41169 (GCVE-0-2021-41169)
Vulnerability from nvd – Published: 2021-10-21 20:25 – Updated: 2024-08-04 02:59
VLAI?
Title
Improper Neutralization HTML tags in sulu/sulu
Summary
Sulu is an open-source PHP content management system based on the Symfony framework. In versions before 1.6.43 are subject to stored cross site scripting attacks. HTML input into Tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade.
Severity ?
6.2 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:59:31.756Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-h58v-g3q6-q9fx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sulu/sulu/commit/20007ac70a3af3c9e53a6acb0ef8794b65642445"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "sulu",
"vendor": "sulu",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.43"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sulu is an open-source PHP content management system based on the Symfony framework. In versions before 1.6.43 are subject to stored cross site scripting attacks. HTML input into Tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-21T20:25:10",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-h58v-g3q6-q9fx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sulu/sulu/commit/20007ac70a3af3c9e53a6acb0ef8794b65642445"
}
],
"source": {
"advisory": "GHSA-h58v-g3q6-q9fx",
"discovery": "UNKNOWN"
},
"title": "Improper Neutralization HTML tags in sulu/sulu",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-41169",
"STATE": "PUBLIC",
"TITLE": "Improper Neutralization HTML tags in sulu/sulu"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "sulu",
"version": {
"version_data": [
{
"version_value": "\u003c 1.6.43"
}
]
}
}
]
},
"vendor_name": "sulu"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sulu is an open-source PHP content management system based on the Symfony framework. In versions before 1.6.43 are subject to stored cross site scripting attacks. HTML input into Tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sulu/sulu/security/advisories/GHSA-h58v-g3q6-q9fx",
"refsource": "CONFIRM",
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-h58v-g3q6-q9fx"
},
{
"name": "https://github.com/sulu/sulu/commit/20007ac70a3af3c9e53a6acb0ef8794b65642445",
"refsource": "MISC",
"url": "https://github.com/sulu/sulu/commit/20007ac70a3af3c9e53a6acb0ef8794b65642445"
}
]
},
"source": {
"advisory": "GHSA-h58v-g3q6-q9fx",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-41169",
"datePublished": "2021-10-21T20:25:10",
"dateReserved": "2021-09-15T00:00:00",
"dateUpdated": "2024-08-04T02:59:31.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32737 (GCVE-0-2021-32737)
Vulnerability from nvd – Published: 2021-07-02 17:55 – Updated: 2024-08-03 23:33
VLAI?
Title
XSS Injection in Media Collection Title was possible
Summary
Sulu is an open-source PHP content management system based on the Symfony framework. In versions of Sulu prior to 1.6.41, it is possible for a logged in admin user to add a script injection (cross-site-scripting) in the collection title. The problem is patched in version 1.6.41. As a workaround, one may manually patch the affected JavaScript files in lieu of updating.
Severity ?
8.4 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:55.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-gm2x-6475-g9r8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sulu/sulu/releases/tag/1.6.41"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "sulu",
"vendor": "sulu",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.41"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sulu is an open-source PHP content management system based on the Symfony framework. In versions of Sulu prior to 1.6.41, it is possible for a logged in admin user to add a script injection (cross-site-scripting) in the collection title. The problem is patched in version 1.6.41. As a workaround, one may manually patch the affected JavaScript files in lieu of updating."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-02T17:55:09",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-gm2x-6475-g9r8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sulu/sulu/releases/tag/1.6.41"
}
],
"source": {
"advisory": "GHSA-gm2x-6475-g9r8",
"discovery": "UNKNOWN"
},
"title": "XSS Injection in Media Collection Title was possible",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32737",
"STATE": "PUBLIC",
"TITLE": "XSS Injection in Media Collection Title was possible"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "sulu",
"version": {
"version_data": [
{
"version_value": "\u003c 1.6.41"
}
]
}
}
]
},
"vendor_name": "sulu"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sulu is an open-source PHP content management system based on the Symfony framework. In versions of Sulu prior to 1.6.41, it is possible for a logged in admin user to add a script injection (cross-site-scripting) in the collection title. The problem is patched in version 1.6.41. As a workaround, one may manually patch the affected JavaScript files in lieu of updating."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sulu/sulu/security/advisories/GHSA-gm2x-6475-g9r8",
"refsource": "CONFIRM",
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-gm2x-6475-g9r8"
},
{
"name": "https://github.com/sulu/sulu/releases/tag/1.6.41",
"refsource": "MISC",
"url": "https://github.com/sulu/sulu/releases/tag/1.6.41"
}
]
},
"source": {
"advisory": "GHSA-gm2x-6475-g9r8",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32737",
"datePublished": "2021-07-02T17:55:09",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:33:55.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2024-47618
Vulnerability from fkie_nvd - Published: 2024-10-03 15:15 - Updated: 2024-10-08 14:31
Severity ?
Summary
Sulu is a PHP content management system. Sulu is vulnerable against XSS whereas a low privileged user with access to the “Media” section can upload an SVG file with a malicious payload. Once uploaded and accessed, the malicious javascript will be executed on the victims’ (other users including admins) browsers. This issue is fixed in 2.6.5.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B65140D-3A0E-4E34-8E65-36936BF03195",
"versionEndExcluding": "2.6.5",
"versionStartExcluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sulu:sulu:2.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "22FC3A80-4377-439B-93A6-8FF2EB7BA9F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sulu:sulu:2.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "712ADF94-5F2D-4347-B6E8-704FBBF097DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sulu:sulu:2.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6BD27DD5-D0BB-40A9-AFD7-881B66E54D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sulu:sulu:2.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "A8043D82-A8C5-4927-B605-C72D6947A5AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sulu is a PHP content management system. Sulu is vulnerable against XSS whereas a low privileged user with access to the \u201cMedia\u201d section can upload an SVG file with a malicious payload. Once uploaded and accessed, the malicious javascript will be executed on the victims\u2019 (other users including admins) browsers. This issue is fixed in 2.6.5."
},
{
"lang": "es",
"value": "Sulu es un sistema de gesti\u00f3n de contenido PHP. Sulu es vulnerable a XSS, ya que un usuario con pocos privilegios y acceso a la secci\u00f3n \u201cMedios\u201d puede cargar un archivo SVG con una carga maliciosa. Una vez cargado y accedido, el c\u00f3digo JavaScript malicioso se ejecutar\u00e1 en los navegadores de las v\u00edctimas (otros usuarios, incluidos los administradores). Este problema se solucion\u00f3 en la versi\u00f3n 2.6.5."
}
],
"id": "CVE-2024-47618",
"lastModified": "2024-10-08T14:31:08.180",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2024-10-03T15:15:15.147",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/sulu/sulu/commit/ca72f75eebe41ea7726624d8aea7da6c425f1eb9"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-255w-87rh-rg44"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-47617
Vulnerability from fkie_nvd - Published: 2024-10-03 15:15 - Updated: 2024-10-08 14:23
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Sulu is a PHP content management system. This vulnerability allows an attacker to inject arbitrary HTML/JavaScript code through the media download URL in Sulu CMS. It affects the SuluMediaBundle component. The vulnerability is a Reflected Cross-Site Scripting (XSS) issue, which could potentially allow attackers to steal sensitive information, manipulate the website's content, or perform actions on behalf of the victim. This vulnerability is fixed in 2.6.5 and 2.5.21.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sulu:sulu:2.5.20:*:*:*:*:*:*:*",
"matchCriteriaId": "E7EFCD27-01AC-4C20-9F92-E1F1F0D9DFE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sulu:sulu:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C2DEEB21-3616-43D0-935D-95FDCFC361F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sulu is a PHP content management system. This vulnerability allows an attacker to inject arbitrary HTML/JavaScript code through the media download URL in Sulu CMS. It affects the SuluMediaBundle component. The vulnerability is a Reflected Cross-Site Scripting (XSS) issue, which could potentially allow attackers to steal sensitive information, manipulate the website\u0027s content, or perform actions on behalf of the victim. This vulnerability is fixed in 2.6.5 and 2.5.21."
},
{
"lang": "es",
"value": "Sulu es un sistema de gesti\u00f3n de contenido PHP. Esta vulnerabilidad permite a un atacante inyectar c\u00f3digo HTML/JavaScript arbitrario a trav\u00e9s de la URL de descarga de medios en Sulu CMS. Afecta al componente SuluMediaBundle. La vulnerabilidad es un problema de Cross-Site Scripting (XSS) Reflejado, que podr\u00eda permitir a los atacantes robar informaci\u00f3n confidencial, manipular el contenido del sitio web o realizar acciones en nombre de la v\u00edctima. Esta vulnerabilidad se ha corregido en las versiones 2.6.5 y 2.5.21."
}
],
"id": "CVE-2024-47617",
"lastModified": "2024-10-08T14:23:38.597",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-03T15:15:14.937",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/sulu/sulu/commit/a5a5ae555d282e88ff8559d38cfb46dea7939bda"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/sulu/sulu/commit/eeacd14b6cf55f710084788140d40ebb00314b29"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-6784-9c82-vr85"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-27915
Vulnerability from fkie_nvd - Published: 2024-03-06 20:15 - Updated: 2025-01-08 18:37
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
Sulu is a PHP content management system. Starting in verson 2.2.0 and prior to version 2.4.17 and 2.5.13, access to pages is granted regardless of role permissions for webspaces which have a security system configured and permission check enabled. Webspaces without do not have this issue. The problem is patched in versions 2.4.17 and 2.5.13. Some workarounds are available. One may apply the patch to `vendor/symfony/security-http/HttpUtils.php` manually or avoid installing `symfony/security-http` versions greater equal than `v5.4.30` or `v6.3.6`.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*",
"matchCriteriaId": "552E4458-5771-4AF7-B8CB-D742280EF855",
"versionEndExcluding": "2.4.17",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A934DEB-DB97-4461-8542-588A268F9060",
"versionEndExcluding": "2.5.13",
"versionStartIncluding": "2.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sulu is a PHP content management system. Starting in verson 2.2.0 and prior to version 2.4.17 and 2.5.13, access to pages is granted regardless of role permissions for webspaces which have a security system configured and permission check enabled. Webspaces without do not have this issue. The problem is patched in versions 2.4.17 and 2.5.13. Some workarounds are available. One may apply the patch to `vendor/symfony/security-http/HttpUtils.php` manually or avoid installing `symfony/security-http` versions greater equal than `v5.4.30` or `v6.3.6`."
},
{
"lang": "es",
"value": "Sulu es un sistema de gesti\u00f3n de contenidos PHP. A partir de la versi\u00f3n 2.2.0 y anteriores a la versi\u00f3n 2.4.17 y 2.5.13, el acceso a las p\u00e1ginas se otorga independientemente de los permisos de funci\u00f3n para los espacios web que tienen un sistema de seguridad configurado y la verificaci\u00f3n de permisos habilitada. Los espacios web sin \u00e9l no tienen este problema. El problema est\u00e1 solucionado en las versiones 2.4.17 y 2.5.13. Algunas soluciones est\u00e1n disponibles. Se puede aplicar el parche a `vendor/symfony/security-http/HttpUtils.php` manualmente o evitar instalar versiones de `symfony/security-http` mayores que `v5.4.30` o `v6.3.6`."
}
],
"id": "CVE-2024-27915",
"lastModified": "2025-01-08T18:37:37.653",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-03-06T20:15:47.930",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/sulu/sulu/commit/ec9c3f99e15336dc4f6877f512300f231c17c6da"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-jr83-m233-gg6p"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/sulu/sulu/commit/ec9c3f99e15336dc4f6877f512300f231c17c6da"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-jr83-m233-gg6p"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-24807
Vulnerability from fkie_nvd - Published: 2024-02-05 21:15 - Updated: 2024-11-21 08:59
Severity ?
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Sulu is a highly extensible open-source PHP content management system based on the Symfony framework. There is an issue when inputting HTML into the Tag name. The HTML is executed when the tag name is listed in the auto complete form. Only admin users can create tags so they are the only ones affected. The problem is patched with version(s) 2.4.16 and 2.5.12.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0800F014-E0B5-4227-A1A5-D52CCFF36C36",
"versionEndExcluding": "2.4.16",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA81B8E-D39D-4AB5-98FA-410DD9648F31",
"versionEndExcluding": "2.5.12",
"versionStartIncluding": "2.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sulu is a highly extensible open-source PHP content management system based on the Symfony framework. There is an issue when inputting HTML into the Tag name. The HTML is executed when the tag name is listed in the auto complete form. Only admin users can create tags so they are the only ones affected. The problem is patched with version(s) 2.4.16 and 2.5.12."
},
{
"lang": "es",
"value": "Sulu es un sistema de gesti\u00f3n de contenidos PHP de c\u00f3digo abierto altamente extensible basado en el framework Symfony. Hay un problema al ingresar HTML en el nombre de la etiqueta. El HTML se ejecuta cuando el nombre de la etiqueta aparece en el formulario de autocompletar. S\u00f3lo los usuarios administradores pueden crear etiquetas, por lo que ellos son los \u00fanicos afectados. El problema se solucion\u00f3 con las versiones 2.4.16 y 2.5.12."
}
],
"id": "CVE-2024-24807",
"lastModified": "2024-11-21T08:59:45.297",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-05T21:15:12.557",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/sulu/sulu/releases/tag/2.4.16"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/sulu/sulu/releases/tag/2.5.12"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-gfrh-gwqc-63cv"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/sulu/sulu/releases/tag/2.4.16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/sulu/sulu/releases/tag/2.5.12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-gfrh-gwqc-63cv"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-80"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-39343
Vulnerability from fkie_nvd - Published: 2023-08-04 01:15 - Updated: 2024-11-21 08:15
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Sulu is an open-source PHP content management system based on the Symfony framework. It allows over the Admin Login form to detect which user (username, email) exists and which one do not exist. Sulu Installation not using the old Symfony 5.4 security System and previous version are not impacted by this Security issue. The vulnerability has been patched in version 2.5.10.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A840F85F-B8DC-41C1-81BE-691995D30ADF",
"versionEndExcluding": "2.5.10",
"versionStartIncluding": "2.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sulu is an open-source PHP content management system based on the Symfony framework. It allows over the Admin Login form to detect which user (username, email) exists and which one do not exist. Sulu Installation not using the old Symfony 5.4 security System and previous version are not impacted by this Security issue. The vulnerability has been patched in version 2.5.10. \n\n"
}
],
"id": "CVE-2023-39343",
"lastModified": "2024-11-21T08:15:11.757",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-04T01:15:10.250",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/sulu/sulu/commit/5f6c98ba030b2005793e2dc647cc938937ea889b"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/sulu/sulu/releases/tag/2.5.10"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-wmwf-49vv-p3mr"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/sulu/sulu/commit/5f6c98ba030b2005793e2dc647cc938937ea889b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/sulu/sulu/releases/tag/2.5.10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-wmwf-49vv-p3mr"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-204"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-43835
Vulnerability from fkie_nvd - Published: 2021-12-15 20:15 - Updated: 2024-11-21 06:29
Severity ?
Summary
Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions Sulu users who have access to any subset of the admin UI are able to elevate their privilege. Over the API it was possible for them to give themselves permissions to areas which they did not already had. This issue was introduced in 2.0.0-RC1 with the new ProfileController putAction. The versions have been patched in 2.2.18, 2.3.8 and 2.4.0. For users unable to upgrade the only known workaround is to apply a patch to the ProfileController manually.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/sulu/sulu/commit/30bf8b5a4f83b6f2171a696011757d095edaa28a | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/sulu/sulu/security/advisories/GHSA-84px-q68r-2fc9 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sulu/sulu/commit/30bf8b5a4f83b6f2171a696011757d095edaa28a | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sulu/sulu/security/advisories/GHSA-84px-q68r-2fc9 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6E9B64-0B43-40AD-B0B4-C8BA5EEA6F31",
"versionEndExcluding": "2.2.18",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*",
"matchCriteriaId": "354C0B42-D950-497B-B3B7-09EA07063564",
"versionEndExcluding": "2.3.8",
"versionStartIncluding": "2.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sulu:sulu:2.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2889EBAA-7A15-436C-9658-CA67F7122DC1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions Sulu users who have access to any subset of the admin UI are able to elevate their privilege. Over the API it was possible for them to give themselves permissions to areas which they did not already had. This issue was introduced in 2.0.0-RC1 with the new ProfileController putAction. The versions have been patched in 2.2.18, 2.3.8 and 2.4.0. For users unable to upgrade the only known workaround is to apply a patch to the ProfileController manually."
},
{
"lang": "es",
"value": "Sulu es un sistema de administraci\u00f3n de contenidos PHP de c\u00f3digo abierto basado en el framework Symfony. En las versiones afectadas, los usuarios de Sulu que presentan acceso a cualquier subconjunto de la interfaz de usuario de administraci\u00f3n son capaces de elevar sus privilegios. A trav\u00e9s de la API era posible que se dieran permisos a \u00e1reas que a\u00fan no ten\u00edan. Este problema se introdujo en la versi\u00f3n 2.0.0-RC1 con el nuevo ProfileController putAction. Las versiones han sido parcheadas en 2.2.18, 2.3.8 y 2.4.0. Para usuarios que no puedan actualizar, la \u00fanica soluci\u00f3n conocida es aplicar un parche al ProfileController manualmente"
}
],
"id": "CVE-2021-43835",
"lastModified": "2024-11-21T06:29:53.723",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2021-12-15T20:15:08.677",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/sulu/sulu/commit/30bf8b5a4f83b6f2171a696011757d095edaa28a"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-84px-q68r-2fc9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/sulu/sulu/commit/30bf8b5a4f83b6f2171a696011757d095edaa28a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-84px-q68r-2fc9"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-43836
Vulnerability from fkie_nvd - Published: 2021-12-15 20:15 - Updated: 2024-11-21 06:29
Severity ?
8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions an attacker can read arbitrary local files via a PHP file include. In a default configuration this also leads to remote code execution. The problem is patched with the Versions 1.6.44, 2.2.18, 2.3.8, 2.4.0. For users unable to upgrade overwrite the service `sulu_route.generator.expression_token_provider` and wrap the translator before passing it to the expression language.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/sulu/sulu/commit/9c948f9ce350c68b53af8c3910e2cefc7f722b54 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/sulu/sulu/security/advisories/GHSA-vx6j-pjrh-vgjh | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sulu/sulu/commit/9c948f9ce350c68b53af8c3910e2cefc7f722b54 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sulu/sulu/security/advisories/GHSA-vx6j-pjrh-vgjh | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*",
"matchCriteriaId": "838D4309-D6D9-4884-B6C7-F4529DD7AD68",
"versionEndExcluding": "1.6.44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6E9B64-0B43-40AD-B0B4-C8BA5EEA6F31",
"versionEndExcluding": "2.2.18",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*",
"matchCriteriaId": "354C0B42-D950-497B-B3B7-09EA07063564",
"versionEndExcluding": "2.3.8",
"versionStartIncluding": "2.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sulu:sulu:2.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2889EBAA-7A15-436C-9658-CA67F7122DC1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions an attacker can read arbitrary local files via a PHP file include. In a default configuration this also leads to remote code execution. The problem is patched with the Versions 1.6.44, 2.2.18, 2.3.8, 2.4.0. For users unable to upgrade overwrite the service `sulu_route.generator.expression_token_provider` and wrap the translator before passing it to the expression language."
},
{
"lang": "es",
"value": "Sulu es un sistema de administraci\u00f3n de contenidos PHP de c\u00f3digo abierto basado en el framework Symfony. En las versiones afectadas, un atacante puede leer archivos locales arbitrarios por medio de una inclusi\u00f3n de archivos PHP. En una configuraci\u00f3n por defecto esto tambi\u00e9n conlleva a una ejecuci\u00f3n de c\u00f3digo remota. El problema est\u00e1 parcheado con las versiones 1.6.44, 2.2.18, 2.3.8, 2.4.0. Para usuarios que no puedan actualizar sobrescribir el servicio \"sulu_route.generator.expression_token_provider\" y envolver el traductor antes de pasarlo al lenguaje de expresi\u00f3n"
}
],
"id": "CVE-2021-43836",
"lastModified": "2024-11-21T06:29:53.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-15T20:15:08.733",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/sulu/sulu/commit/9c948f9ce350c68b53af8c3910e2cefc7f722b54"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-vx6j-pjrh-vgjh"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/sulu/sulu/commit/9c948f9ce350c68b53af8c3910e2cefc7f722b54"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-vx6j-pjrh-vgjh"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-41169
Vulnerability from fkie_nvd - Published: 2021-10-21 21:15 - Updated: 2024-11-21 06:25
Severity ?
6.2 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Sulu is an open-source PHP content management system based on the Symfony framework. In versions before 1.6.43 are subject to stored cross site scripting attacks. HTML input into Tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/sulu/sulu/commit/20007ac70a3af3c9e53a6acb0ef8794b65642445 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/sulu/sulu/security/advisories/GHSA-h58v-g3q6-q9fx | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sulu/sulu/commit/20007ac70a3af3c9e53a6acb0ef8794b65642445 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sulu/sulu/security/advisories/GHSA-h58v-g3q6-q9fx | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4D351AF-03E0-4B53-A95D-8F70BBC17799",
"versionEndExcluding": "1.6.43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sulu is an open-source PHP content management system based on the Symfony framework. In versions before 1.6.43 are subject to stored cross site scripting attacks. HTML input into Tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade."
},
{
"lang": "es",
"value": "Sulu es un sistema de administraci\u00f3n de contenidos PHP de c\u00f3digo abierto basado en el framework Symfony. En versiones anteriores a 1.6.43, est\u00e1 sujeto a ataques de tipo cross site scripting almacenados. La entrada de HTML en los nombres de las etiquetas no est\u00e1 saneada apropiadamente. S\u00f3lo usuarios administradores pueden crear etiquetas. Se aconseja a los usuarios que actualicen"
}
],
"id": "CVE-2021-41169",
"lastModified": "2024-11-21T06:25:39.590",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 4.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-21T21:15:08.303",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/sulu/sulu/commit/20007ac70a3af3c9e53a6acb0ef8794b65642445"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-h58v-g3q6-q9fx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/sulu/sulu/commit/20007ac70a3af3c9e53a6acb0ef8794b65642445"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-h58v-g3q6-q9fx"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-32737
Vulnerability from fkie_nvd - Published: 2021-07-02 18:15 - Updated: 2024-11-21 06:07
Severity ?
8.4 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Sulu is an open-source PHP content management system based on the Symfony framework. In versions of Sulu prior to 1.6.41, it is possible for a logged in admin user to add a script injection (cross-site-scripting) in the collection title. The problem is patched in version 1.6.41. As a workaround, one may manually patch the affected JavaScript files in lieu of updating.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/sulu/sulu/releases/tag/1.6.41 | Release Notes, Third Party Advisory | |
| security-advisories@github.com | https://github.com/sulu/sulu/security/advisories/GHSA-gm2x-6475-g9r8 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sulu/sulu/releases/tag/1.6.41 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sulu/sulu/security/advisories/GHSA-gm2x-6475-g9r8 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90800C58-EEBC-4655-9A8E-5BAF98D83821",
"versionEndExcluding": "1.6.41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sulu is an open-source PHP content management system based on the Symfony framework. In versions of Sulu prior to 1.6.41, it is possible for a logged in admin user to add a script injection (cross-site-scripting) in the collection title. The problem is patched in version 1.6.41. As a workaround, one may manually patch the affected JavaScript files in lieu of updating."
},
{
"lang": "es",
"value": "Sulu es un sistema de administraci\u00f3n de contenidos PHP de c\u00f3digo abierto basado en el framework Symfony. En las versiones de Sulu anteriores a 1.6.41, es posible para un usuario administrador conectado a\u00f1adir una inyecci\u00f3n de script (cross-site-scripting) en el t\u00edtulo de la colecci\u00f3n. El problema est\u00e1 parcheado en la versi\u00f3n 1.6.41. Como soluci\u00f3n alternativa, se puede parchear manualmente los archivos JavaScript afectados en lugar de actualizarlos"
}
],
"id": "CVE-2021-32737",
"lastModified": "2024-11-21T06:07:38.603",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 6.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-02T18:15:09.603",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/sulu/sulu/releases/tag/1.6.41"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-gm2x-6475-g9r8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/sulu/sulu/releases/tag/1.6.41"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-gm2x-6475-g9r8"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-15132
Vulnerability from fkie_nvd - Published: 2020-08-05 21:15 - Updated: 2024-11-21 05:04
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the "Forget password" feature on the login screen is used, Sulu asks the user for a username or email address. If the given string is not found, a response with a `400` error code is returned, along with a error message saying that this user name does not exist. This enables attackers to retrieve valid usernames. Also, the response of the "Forgot Password" request returns the email address to which the email was sent, if the operation was successful. This information should not be exposed, as it can be used to gather email addresses. This problem was fixed in versions 1.6.35, 2.0.10 and 2.1.1.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/sulu/sulu/security/advisories/GHSA-wfm4-pq59-wg6r | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sulu/sulu/security/advisories/GHSA-wfm4-pq59-wg6r | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BFA30C2-2006-43C3-A87F-5880590273F4",
"versionEndExcluding": "1.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CC1F6FD-C1DB-4EC3-A92F-F17107FD3A6C",
"versionEndExcluding": "2.0.10",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4211DB54-B6D2-4445-88A1-D8759252FCA9",
"versionEndExcluding": "2.1.1",
"versionStartIncluding": "2.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the \"Forget password\" feature on the login screen is used, Sulu asks the user for a username or email address. If the given string is not found, a response with a `400` error code is returned, along with a error message saying that this user name does not exist. This enables attackers to retrieve valid usernames. Also, the response of the \"Forgot Password\" request returns the email address to which the email was sent, if the operation was successful. This information should not be exposed, as it can be used to gather email addresses. This problem was fixed in versions 1.6.35, 2.0.10 and 2.1.1."
},
{
"lang": "es",
"value": "En Sulu anterior a las versiones 1.6.35, 2.0.10 y 2.1.1, cuando se usa la funcionalidad \"Forget password\" en la pantalla de inicio de sesi\u00f3n, Sulu le pregunta al usuario un nombre de usuario o direcci\u00f3n de correo electr\u00f3nico. Si no se encuentra la cadena dada, una respuesta es devuelta con un c\u00f3digo de error \"400\", junto con un mensaje de error que dice que este nombre de usuario no existe. Esto permite a atacantes recuperar nombres de usuario v\u00e1lidos. Adem\u00e1s, la respuesta de la petici\u00f3n \"Forgot Password\" devuelve la direcci\u00f3n de correo electr\u00f3nico a la que se envi\u00f3 el correo electr\u00f3nico, si la operaci\u00f3n tuvo \u00e9xito. Esta informaci\u00f3n no debe ser expuesta, ya que puede ser usada para recopilar direcciones de correo electr\u00f3nico. Este problema se corrigi\u00f3 en las versiones 1.6.35, 2.0.10 y 2.1.1"
}
],
"id": "CVE-2020-15132",
"lastModified": "2024-11-21T05:04:54.747",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-05T21:15:12.427",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-wfm4-pq59-wg6r"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-wfm4-pq59-wg6r"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}