Description
XSS injection in the media collection title was possible.
Impact
A logged-in admin user could add a script injection (XSS) in the collection title, which was then executed.
Workarounds
Manually patch the JS files.
For more information
If you have any questions or comments about this advisory:
- Email us at security@sulu.io
Packages
sulu/sulu
Affected versions: < 1.6.41
Patched version: 1.6.41
Related vulnerabilities
Sulu is an open-source PHP content management system based on the Symfony framework. In versions of Sulu prior to 1.6.41, it is possible for a logged in admin user to add a script injection (cross-site-scripting) in the collection title. The problem is patched in version 1.6.41. As a workaround, one may manually patch the affected JavaScript files in lieu of updating.
A vulnerability in the Sulu content management system caused by a failure to preserve web page structure, allowing an attacker to carry out cross-site scripting attacks.