sulu/sulu Security Advisories for 2.5.12 (6)
- [LOW] Sulu: Used API Keys may be available via Admin API
  PKSA-2mt7-sd38-1xng GHSA-9m6v-8fxc-4r44
  Affected version: <=2.6.22|>=3.0.0-alpha1,<=3.0.5
  Reported by: GitHub
- [MEDIUM] Sulu: Weak Cryptographical usage for API Key generation and Reset Tokens
  PKSA-psv3-gm5n-8wm5 CVE-2026-45701 GHSA-7fv8-6pp7-6h85
  Affected version: <=2.6.22|>=3.0.0-alpha1,<=3.0.5
  Reported by: GitHub
- [MEDIUM] Sulu checks fix permissions for subentities endpoints
  PKSA-s8fv-tzzv-5y3k CVE-2026-34372 GHSA-6h7h-m7p5-hjqp
  Affected version: >=3.0.0,<3.0.5|>=1.0.0,<2.6.22
  Reported by: GitHub
- [MEDIUM] Injection of arbitrary HTML/JavaScript code through the media download URL
  PKSA-g1w7-pdzy-w7y7 CVE-2024-47617 GHSA-6784-9c82-vr85
  Affected version: >=2.0.0,<=2.5.20|>=2.6.0,<=2.6.4
  Reported by: GitHub
- [MEDIUM] Cross-site Scripting via uploaded SVG
  PKSA-mxjr-c7nk-459v CVE-2024-47618 GHSA-255w-87rh-rg44
  Affected version: >=2.6.0-RC1,<2.6.5|>=2.0.0-RC1,<2.5.21
  Reported by: GitHub
- [MEDIUM] Sulu grants access to pages regardless of role permissions
  PKSA-ykzr-rw85-c27h CVE-2024-27915 GHSA-jr83-m233-gg6p
  Affected version: >=2.5.0-alpha1,<2.5.13|>=2.2.0,<2.4.17
  Reported by: GitHub