Описание
Sulu is an open-source PHP content management system based on the Symfony framework. In versions before 1.6.43 are subject to stored cross site scripting attacks. HTML input into Tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade.
Ссылки
- PatchThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.6.43 (исключая)
cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*
EPSS
Процентиль: 52%
0.00286
Низкий
6.2 Medium
CVSS3
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.2
github
больше 4 лет назад
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in sulu/sulu
EPSS
Процентиль: 52%
0.00286
Низкий
6.2 Medium
CVSS3
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79