SB2024020556 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Sulu
Published: February 5, 2024 Updated: May 12, 2026
Description
This security bulletin contains information about 1 vulnerability.
The vulnerability allows a remote user to execute arbitrary script in an administrator's browser.
The vulnerability exists due to improper neutralization of script-related HTML tags in the autocomplete suggestion feature when tag names are listed in the autocomplete form. A remote user can create a tag with crafted HTML content to execute arbitrary script in an administrator's browser.
Only administrative users can create tags, and the issue is triggered when the crafted tag name is shown in autocomplete suggestions.
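The following added example (not Sulu's code and not part of the original bulletin) shows the class of bug described above: a stored tag name concatenated into autocomplete markup, next to a version that encodes it first. All function names and the sample tag list are hypothetical and constructed for illustration.

```javascript
"use strict";

// Characters that must be encoded before text is placed in HTML content
// or in a quoted attribute value.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Case-insensitive substring match, as an autocomplete field would do.
function matching(tagNames, query) {
  const q = query.toLowerCase();
  return tagNames.filter((name) => name.toLowerCase().includes(q));
}

// Vulnerable pattern: the stored tag name is treated as markup.
function renderSuggestionsUnsafe(tagNames, query) {
  return matching(tagNames, query)
    .map((name) => `<li class="suggestion">${name}</li>`)
    .join("");
}

// Hardened pattern: the tag name is encoded at the point of output,
// both in the attribute and in the element body.
function renderSuggestionsSafe(tagNames, query) {
  return matching(tagNames, query)
    .map((name) => {
      const safe = escapeHtml(name);
      return `<li class="suggestion" data-value="${safe}">${safe}</li>`;
    })
    .join("");
}

// Regression helper: counts element-opening sequences in rendered output.
// With N suggestions, anything other than N means a tag name became markup.
function countOpeningTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

// Constructed sample data: two ordinary tags and one containing a script element.
const storedTags = ["news", "newsletter", "new<script>alert(1)</script>"];

console.log(countOpeningTags(renderSuggestionsUnsafe(storedTags, "new"))); // 4
console.log(countOpeningTags(renderSuggestionsSafe(storedTags, "new")));   // 3
```

In browser code, assigning the tag name through `textContent` rather than building an HTML string achieves the same result without a hand-written encoder.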
Remediation
Install the update from the vendor's website.