sulu/sulu Security Advisories for 2.5.3 (4)
- [MEDIUM] Cross-site Scripting via uploaded SVG
  PKSA-mxjr-c7nk-459v CVE-2024-47618 GHSA-255w-87rh-rg44
  Affected version: >=2.0.0-RC1,<2.6.5
  Reported by: GitHub
- [MEDIUM] Sulu grants access to pages regardless of role permissions
  PKSA-ykzr-rw85-c27h CVE-2024-27915 GHSA-jr83-m233-gg6p
  Affected version: >=2.5.0-alpha1,<2.5.13|>=2.2.0,<2.4.17
  Reported by: GitHub
- [LOW] Sulu HTML Injection via Autocomplete Suggestion
  PKSA-1zxy-qsnv-h3z4 CVE-2024-24807 GHSA-gfrh-gwqc-63cv
  Affected version: >=2.5.0,<2.5.12|>=2.0.0,<2.4.16
  Reported by: GitHub
- [MEDIUM] Observable Response Discrepancy on Admin Login
  PKSA-h98d-hq46-k9cs CVE-2023-39343 GHSA-wmwf-49vv-p3mr
  Affected version: >=2.5.0,<2.5.10
  Reported by: GitHub, FriendsOfPHP/security-advisories