CVE-2024-47617

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Oct 3, 2024

Updated: Oct 8, 2024

CWE ID 79

Summary

CVE-2024-47617 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the Sulu content management system. This issue permits an attacker to inject arbitrary HTML/JavaScript code through a media download URL in the Sulu CMS, specifically within the SuluMediaBundle component. Potential consequences of this vulnerability include the theft of sensitive information, manipulation of website content, or execution of malicious actions on behalf of the victim. The vulnerability is rectified in version 2.6.5 and 2.5.21 of Sulu.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Affected Vendors

Pluck -
Sulu

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/zBFX4j
https://www.cve.org/CVERecord?id=CVE-2024-47617
https://nvd.nist.gov/vuln/detail/CVE-2024-47617

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

US Violent Extremists Likely Shifting Focus to Targeted Physical Threats in 2025

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Threats to the 2025 NATO Summit

Know What Matters

For Customers

For Partners