sulu/sulu Security Advisories (11)

[MEDIUM] Sulu vulnerable to XXE in SVG File upload Inspector
PKSA-tptv-6vj5-qz52 CVE-2025-47778 GHSA-f6rx-hf55-4255
Affected version: >=3.0.0-alpha1,<3.0.0-alpha3|>=2.6.5,<2.6.9|>=2.5.21,<2.5.25
Reported by: GitHub

[MEDIUM] Injection of arbitrary HTML/JavaScript code through the media download URL
PKSA-g1w7-pdzy-w7y7 CVE-2024-47617 GHSA-6784-9c82-vr85
Affected version: >=2.0.0,<=2.5.20|>=2.6.0,<=2.6.4
Reported by: GitHub

[MEDIUM] Cross-site Scripting via uploaded SVG
PKSA-mxjr-c7nk-459v CVE-2024-47618 GHSA-255w-87rh-rg44
Affected version: >=2.6.0-RC1,<2.6.5|>=2.0.0-RC1,<2.5.21
Reported by: GitHub

[MEDIUM] Sulu grants access to pages regardless of role permissions
PKSA-ykzr-rw85-c27h CVE-2024-27915 GHSA-jr83-m233-gg6p
Affected version: >=2.5.0-alpha1,<2.5.13|>=2.2.0,<2.4.17
Reported by: GitHub

[LOW] Sulu HTML Injection via Autocomplete Suggestion
PKSA-1zxy-qsnv-h3z4 CVE-2024-24807 GHSA-gfrh-gwqc-63cv
Affected version: >=2.5.0,<2.5.12|>=2.0.0,<2.4.16
Reported by: GitHub

[MEDIUM] Observable Response Discrepancy on Admin Login
PKSA-h98d-hq46-k9cs CVE-2023-39343 GHSA-wmwf-49vv-p3mr
Affected version: >=2.5.0,<2.5.10
Reported by: GitHub, FriendsOfPHP/security-advisories

[HIGH] Privilege escalation in the Sulu Admin panel
PKSA-drhk-rjxy-c79p CVE-2021-43835 GHSA-84px-q68r-2fc9
Affected version: =2.4.0-RC1|>=2.3.0,<=2.3.7|>=2.0.0,<=2.2.17
Reported by: GitHub

[HIGH] PHP file inclusion in the Sulu admin panel
PKSA-vy6d-prcg-w42z CVE-2021-43836 GHSA-vx6j-pjrh-vgjh
Affected version: =2.4.0-RC1|>=2.3.0,<2.3.8|>=2.0.0,<2.2.18|<1.6.44
Reported by: GitHub

[MEDIUM] Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in sulu/sulu
PKSA-gccp-7sgc-fjvt CVE-2021-41169 GHSA-h58v-g3q6-q9fx
Affected version: <1.6.43
Reported by: GitHub

[MEDIUM] XSS Injection in Media Collection Title was possible
PKSA-7zp7-xygz-tgfc CVE-2021-32737 GHSA-gm2x-6475-g9r8
Affected version: <1.6.41
Reported by: GitHub

[MEDIUM] Reset Password / Login vulnerability in Sulu
PKSA-4jvw-2x8g-dmx9 CVE-2020-15132 GHSA-wfm4-pq59-wg6r
Affected version: >=2.1.0,<2.1.1|>=2.0.0,<2.0.10|<1.6.34
Reported by: GitHub