[MEDIUM] Injection of arbitrary HTML/JavaScript code through the media download URL

PKSA-g1w7-pdzy-w7y7 CVE-2024-47617 GHSA-6784-9c82-vr85

Affected version: >=2.0.0,<=2.5.20|>=2.6.0,<=2.6.4

Reported by:
GitHub

[MEDIUM] Cross-site Scripting via uploaded SVG

PKSA-mxjr-c7nk-459v CVE-2024-47618 GHSA-255w-87rh-rg44

Affected version: >=2.6.0-RC1,<2.6.5|>=2.0.0-RC1,<2.5.21

Reported by:
GitHub

[MEDIUM] Sulu grants access to pages regardless of role permissions

PKSA-ykzr-rw85-c27h CVE-2024-27915 GHSA-jr83-m233-gg6p

Affected version: >=2.5.0-alpha1,<2.5.13|>=2.2.0,<2.4.17

Reported by:
GitHub