CVE-2024-47617

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Oct 3, 2024
CWE ID 79

Summary

CVE-2024-47617 is a Reflected Cross-Site Scripting (XSS) vulnerability in Sulu CMS, specifically in the SuluMediaBundle component, which allows attackers to inject arbitrary HTML/JavaScript code via the media download URL. The vulnerability poses a medium-level risk: it could enable attackers to steal sensitive information or manipulate website content, and exploitation requires user interaction. To remediate this issue, users should update their installations to versions 2.6.5 or 2.5.21 or later. The affected products include a range of identifiers such as zJ-YA1, zKKle-, and zJ0um-. The potential impact on an organization includes compromised user data and unauthorized actions performed in the context of legitimate users' sessions.
