📦 Sulu

CVE-2021-43835 is a privilege escalation vulnerability in Sulu CMS where authenticated users with any admin UI access can exploit the ProfileController API to grant themselves additional permissions t...

This vulnerability allows authenticated admin users in Sulu CMS to inject malicious scripts into collection titles, leading to cross-site scripting (XSS) attacks. The vulnerability affects Sulu versio...

Sulu CMS versions before 2.6.5 contain a cross-site scripting (XSS) vulnerability where low-privileged users with Media section access can upload malicious SVG files. When other users (including admin...