
6 matches found

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2025-14948

Malicious code in bioql PyPI...

CVSS 8.6 | AI score 6.3 | EPSS 0.00376
Exploits: 0 | References: 4

OSV
added 2025/05/15 4:8 p.m. | 8 views

GHSA-F6RX-HF55-4255 Sulu vulnerable to XXE in SVG File upload Inspector

Impact: An admin user can upload an SVG which may load external data via the XML DOM library; specifically, this can be used to reference insecure XML External Entity References. Patches: The problem has not been patched yet. Users should upgrade to patched versions once they become available...

CVSS 8.6 | AI score 6.6 | EPSS 0.00376
Exploits: 0 | References: 5

CVE
added 2025/05/14 3:29 p.m. | 47 views

CVE-2025-47778

CVE-2025-47778 affects Sulu (2.5.21, 2.6.5, 3.0.0-alpha1). An admin user can upload SVGs that are parsed with XML DOM, enabling XML External Entity (XXE) references. Root cause: SVG processing loads external data via the XML DOM library. Impacts include potential data exposure and integrity conce...

CVSS 8.6 | AI score 6.7 | EPSS 0.00376
Exploits: 0 | References: 3

Cvelist
added 2025/05/14 3:29 p.m. | 19 views

CVE-2025-47778 Sulu vulnerable to XXE in SVG File upload Inspector

Sulu is an open-source PHP content management system based on the Symfony framework. Starting in versions 2.5.21, 2.6.5, and 3.0.0-alpha1, an admin user can upload SVG which may load external data via XML DOM library. This can be used for insecure XML External Entity References. The problem has...

CVSS 8.6 | EPSS 0.00376
Exploits: 0 | References: 3

Vulnrichment
added 2025/05/14 3:29 p.m. | 9 views

CVE-2025-47778 Sulu vulnerable to XXE in SVG File upload Inspector

Sulu is an open-source PHP content management system based on the Symfony framework. Starting in versions 2.5.21, 2.6.5, and 3.0.0-alpha1, an admin user can upload SVG which may load external data via XML DOM library. This can be used for insecure XML External Entity References. The problem has...

CVSS 8.6 | AI score 6.6 | EPSS 0.00376
Exploits: 0 | References: 3

Veracode
added 2024/10/08 7:1 a.m. | 8 views

Cross Site Scripting (XSS)

sulu/sulu is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to a low privileged user with access to the “Media” section being able to upload an SVG file with a malicious payload, allowing an attacker to execute malicious JavaScript in the browsers of other users, including admin...

CVSS 5.4 | AI score 6.4 | EPSS 0.00353
Exploits: 0 | References: 3 | Affected Software: 1