Lucene search

PRIOn knowledge basePRION:CVE-2024-24807

HistoryFeb 05, 2024 - 9:15 p.m.

Design/Logic Flaw

2024-02-0521:15:00

PRIOn knowledge base

www.prio-n.com

sulu cms

logic flaw

html execution

admin users

patched version

nvd

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

21.3%

JSON

Sulu is a highly extensible open-source PHP content management system based on the Symfony framework. There is an issue when inputting HTML into the Tag name. The HTML is executed when the tag name is listed in the auto complete form. Only admin users can create tags so they are the only ones affected. The problem is patched with version(s) 2.4.16 and 2.5.12.

CPENameOperatorVersion
suluge2.5.0
sulult2.5.12
suluge2.0.0
sulult2.4.16

Name	Operator	Version
sulu	ge	2.5.0
sulu	lt	2.5.12
sulu	ge	2.0.0
sulu	lt	2.4.16

References

github.com/sulu/sulu/releases/tag/2.4.16

github.com/sulu/sulu/releases/tag/2.5.12

github.com/sulu/sulu/security/advisories/GHSA-gfrh-gwqc-63cv