(affected versions continued from the preceding entry) from 0, < 1.6.44; >= 2.0.0, < 2.2.18

Severity | CVSS | CVE | Advisory | Affected sulu/sulu versions
MEDIUM | 6.8 | CVE-2024-27915 | Sulu grants access to pages regardless of role permissions | >= 2.2.0, < 2.4.17
MEDIUM | 6.2 | - | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in sulu/sulu | from 0, < 1.6.43
MEDIUM | 6.1 | - | Injection of arbitrary HTML/JavaScript code through the media download URL | >= 2.6.0, < 2.6.5
MEDIUM | 6.1 | - | Cross-site Scripting via uploaded SVG | >= 2.0.0-RC1, < 2.5.21
MEDIUM | 5.3 | - | Reset Password / Login vulnerability in Sulu | from 0, < 1.6.34
MEDIUM | 4.8 | - | XSS Injection in Media Collection Title was possible | from 0, < 1.6.41
MEDIUM | 4.3 | - | Sulu Observable Response Discrepancy on Admin Login | >= 2.5.0, < 2.5.10
- | - | - | Sulu: Weak Cryptographical usage for API Key generation and Reset Tokens | >= 3.0.0-alpha1, < 3.0.6
- | - | - | Sulu checks fix permissions for subentities endpoints | >= 1.0.0, < 2.6.22
- | - | - | Sulu vulnerable to XXE in SVG File upload Inspector | >= 2.5.21, < 2.5.25
- | - | - | Sulu HTML Injection via Autocomplete Suggestion | >= 2.0.0, < 2.4.16

(- = not shown on this listing; "from 0" means every release up to the stated upper bound)
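The ranges in this listing use Composer-style version constraints, and several lower bounds are pre-releases (2.0.0-RC1, 3.0.0-alpha1). A pre-release sorts before the matching final release, so a naive string or float comparison misclassifies exactly those rows. The script below is an added example, not part of this advisory listing and not Sulu project code: it transcribes the rows above and reports which advisories cover a given sulu/sulu version. The pre-release ordering it uses (alpha < beta < RC < final) is assumed to match Composer's, and the helper names are mine.

```python
"""Match a sulu/sulu version against the affected ranges in the table above.

Added example, not part of the advisory listing or of the Sulu project. The
ADVISORIES list is transcribed from the page; the ordering rules for
pre-release tags (alpha < beta < RC < final) are assumed to follow Composer.
"""
import operator
import re

# Transcribed from the page: (CVE shown on the page or None, title, ranges).
ADVISORIES = [
    ("CVE-2024-27915", "Sulu grants access to pages regardless of role permissions",
     [">= 2.2.0, < 2.4.17"]),
    (None, "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in sulu/sulu",
     ["from 0, < 1.6.43"]),
    (None, "Injection of arbitrary HTML/JavaScript code through the media download URL",
     [">= 2.6.0, < 2.6.5"]),
    (None, "Cross-site Scripting via uploaded SVG", [">= 2.0.0-RC1, < 2.5.21"]),
    (None, "Reset Password / Login vulnerability in Sulu", ["from 0, < 1.6.34"]),
    (None, "XSS Injection in Media Collection Title was possible", ["from 0, < 1.6.41"]),
    (None, "Sulu Observable Response Discrepancy on Admin Login", [">= 2.5.0, < 2.5.10"]),
    (None, "Sulu: Weak Cryptographical usage for API Key generation and Reset Tokens",
     [">= 3.0.0-alpha1, < 3.0.6"]),
    (None, "Sulu checks fix permissions for subentities endpoints", [">= 1.0.0, < 2.6.22"]),
    (None, "Sulu vulnerable to XXE in SVG File upload Inspector", [">= 2.5.21, < 2.5.25"]),
    (None, "Sulu HTML Injection via Autocomplete Suggestion", [">= 2.0.0, < 2.4.16"]),
]

# Assumed pre-release ordering (Composer-style): alpha < beta < RC < final release.
PRE_RANK = {"alpha": 0, "beta": 1, "rc": 2}
OPS = {">=": operator.ge, ">": operator.gt, "<=": operator.le, "<": operator.lt}

_VERSION_RE = re.compile(r"v?(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:-([A-Za-z]+)\.?(\d*))?")


def parse_version(text):
    """Turn '2.0.0-RC1' into a tuple that compares correctly.

    Layout: (major, minor, patch, is_final, pre_rank, pre_number). A final
    release gets is_final=1, so 2.0.0-RC1 -> (2,0,0,0,2,1) sorts before
    2.0.0 -> (2,0,0,1,0,0), which is what '>= 2.0.0-RC1' relies on.
    """
    m = _VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    major, minor, patch, tag, num = m.groups()
    release = (int(major), int(minor or 0), int(patch or 0))
    if tag is None:
        return release + (1, 0, 0)
    if tag.lower() not in PRE_RANK:
        raise ValueError(f"unknown pre-release tag in {text!r}")
    return release + (0, PRE_RANK[tag.lower()], int(num or 0))


def parse_range(spec):
    """Compile a page-style range ('from 0, < 1.6.43', '>= 2.5.0, < 2.5.10')
    into a predicate over parsed versions. 'from X' is treated as '>= X'."""
    bounds = []
    for part in spec.split(","):
        part = part.strip()
        if part.startswith("from "):
            op, ver = ">=", part[len("from "):]
        else:
            m = re.fullmatch(r"(>=|<=|>|<)\s*(\S+)", part)
            if not m:
                raise ValueError(f"unparseable constraint: {part!r}")
            op, ver = m.groups()
        bounds.append((OPS[op], parse_version(ver)))
    return lambda v: all(cmp(v, bound) for cmp, bound in bounds)


def affected_by(version, advisories=ADVISORIES):
    """Return (cve, title) pairs whose affected ranges contain `version`."""
    v = parse_version(version)
    return [(cve, title) for cve, title, ranges in advisories
            if any(parse_range(r)(v) for r in ranges)]


def affected_titles(version, advisories=ADVISORIES):
    return [title for _, title in affected_by(version, advisories)]


if __name__ == "__main__":
    import sys
    for ver in sys.argv[1:] or ["2.4.16", "2.0.0-RC1", "3.0.6"]:
        hits = affected_by(ver)
        print(f"sulu/sulu {ver}: {len(hits)} matching advisories")
        for cve, title in hits:
            print(f"  {cve or '-':15} {title}")
```

For a project you control, `composer audit` reads composer.lock and queries the advisory database directly and is the better check; the script is for the case where you only have a version number (a fingerprinted target, an SBOM entry) and want to know which rows of the table above apply. Note that a version equal to the upper bound (2.4.16 against "< 2.4.16", 3.0.6 against "< 3.0.6") is correctly reported as not affected, since the upper bound is the fixed release.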