EUVD-2025-14948
Malicious code in bioql PyPI...
GHSA-F6RX-HF55-4255 Sulu vulnerable to XXE in SVG File upload Inspector
Impact: An admin user can upload an SVG which may load external data via the XML DOM library; in particular, this can be used to reference insecure XML External Entities. Patches: The problem has not been patched yet. Users should upgrade to patched versions once they become available...
CVE-2025-47778
CVE-2025-47778 affects Sulu (2.5.21, 2.6.5, 3.0.0-alpha1). An admin user can upload SVGs that are parsed with XML DOM, enabling XML External Entity (XXE) references. Root cause: SVG processing loads external data via the XML DOM library. Impacts include potential data exposure and integrity conce...
CVE-2025-47778 Sulu vulnerable to XXE in SVG File upload Inspector
Sulu is an open-source PHP content management system based on the Symfony framework. Starting in versions 2.5.21, 2.6.5, and 3.0.0-alpha1, an admin user can upload SVG which may load external data via XML DOM library. This can be used for insecure XML External Entity References. The problem has...
Cross Site Scripting (XSS)
sulu/sulu is vulnerable to Cross Site Scripting XSS. The vulnerability is due to a low privileged user with access to the “Media” section being able to upload an SVG file with a malicious payload, allowing an attacker to execute malicious JavaScript in the browsers of other users, including admin...