CVE-2024-24807

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Feb 5, 2024

Updated: Feb 12, 2024

CWE ID 79

CWE ID 80

Summary

CVE-2024-24807 is a vulnerability affecting Sulu, an open-source PHP content management system built on the Symfony framework. The issue arises when inputting HTML into the Tag name field, which gets executed when the tag name appears in the auto-complete form. This vulnerability only impacts admin users, who can create tags. Version 2.4.16 and 2.5.12 of Sulu have been released to address this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Sulu Sulu

Affected Vendors

Sulu

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uWktR_
https://www.cve.org/CVERecord?id=CVE-2024-24807
https://nvd.nist.gov/vuln/detail/CVE-2024-24807

Back to Vulnerability Database