Home > Vulnerability Database > CVE-2024-24807

Mend.io Vulnerability Database

CVE-2024-24807

Date: February 5, 2024

Sulu is a highly extensible open-source PHP content management system based on the Symfony framework. There is an issue when inputting HTML into the Tag name. The HTML is executed when the tag name is listed in the auto complete form. Only admin users can create tags so they are the only ones affected. The problem is patched with version(s) 2.4.16 and 2.5.12.

Language: JS

Severity Score

2.7

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-24807

Url: https://github.com/sulu/sulu/commit/570c78124ae97cb02469141b86ac69d9fb2cb147

Url: https://github.com/sulu/sulu/releases/tag/2.4.16

Url: https://github.com/sulu/sulu

Url: https://github.com/sulu/sulu/releases/tag/2.5.12

Url: https://github.com/sulu/sulu/security/advisories/GHSA-gfrh-gwqc-63cv

Url: https://www.mend.io/vulnerability-database/CVE-2024-24807

Severity Score

2.7

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CWE-80

CVSS v3.1

Base Score:	2.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-24807

Date: February 5, 2024

Language: JS

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?