Lucene search
Veracode Vulnerability DatabaseVERACODE:45367HistoryFeb 06, 2024 - 9:29 a.m.
HTML Injection
2024-02-0609:29:23
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
sulu
html injection
tag name
auto-complete form
vulnerability
improper html sanitization
software
CVSS3
4.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
AI Score
6.6
Confidence
High
EPSS
0.001
Percentile
21.1%
Sulu is vulnerable to HTML Injection. The vulnerability is due to improper HTML sanitization within the the Tag name. The HTML is executed when the tag name is listed in the auto complete form.
Related
nvd
nvd
CVE-2024-24807
2024-02-05 21:15:12
github
github
Sulu HTML Injection via Autocomplete Suggestion
2024-02-05 20:24:18
prion
prion
Design/Logic Flaw
2024-02-05 21:15:00
cvelist
cvelist
cve
cve
CVE-2024-24807
2024-02-05 21:15:12
osv
osv
Sulu HTML Injection via Autocomplete Suggestion
2024-02-05 20:24:18
CVE-2024-24807
2024-02-05 21:15:12
vulnrichment
vulnrichment
CVSS3
4.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
AI Score
6.6
Confidence
High
EPSS
0.001
Percentile
21.1%
Related for VERACODE:45367