Movatterモバイル変換

Skip to content

sulu/suluPublic

NotificationsYou must be signed in to change notification settings
Fork342
Star1.2k

Security

SECURITY.md

Security Policy

Supported Versions

Version	Supported
>= 2.5.0	✅
2.0 - 2.4	❌
1.6.x	✅
< 1.6	❌

See also documentation about theRelease Cycle.

Reporting a Vulnerability

You can contact us for security related issues by usingsecurity@sulu.io.

Inject arbitrary HTML/JavaScript code through the media download URL
GHSA-6784-9c82-vr85 publishedOct 3, 2024 bywachterjohannes
Moderate
Access to pages is granted regardless of role permissions
GHSA-jr83-m233-gg6p publishedMar 4, 2024 byalexander-schranz
Moderate
HTML Injection via Autocomplete Suggestion
GHSA-gfrh-gwqc-63cv publishedFeb 5, 2024 byalexander-schranz
Low
Observable Response Discrepancy on Admin Login
GHSA-wmwf-49vv-p3mr publishedAug 3, 2023 byalexander-schranz
Moderate
XSS via uploaded SVG
GHSA-255w-87rh-rg44 publishedOct 3, 2024 bywachterjohannes
Moderate
Privilege escalation in the Sulu Admin panel
GHSA-84px-q68r-2fc9 publishedDec 15, 2021 byalexander-schranz
Moderate
PHP file inclusion in the Sulu admin panel
GHSA-vx6j-pjrh-vgjh publishedDec 15, 2021 byalexander-schranz
Moderate
XSS injection in Tag autocomplete was possible
GHSA-h58v-g3q6-q9fx publishedOct 21, 2021 byalexander-schranz
Low
XSS Injection in Media Collection Title was possible
GHSA-gm2x-6475-g9r8 publishedJul 2, 2021 byalexander-schranz
Low
Reset Password / Login vulnerability
GHSA-wfm4-pq59-wg6r publishedAug 3, 2020 bydanrot
Moderate

Learn more about advisories related tosulu/sulu in theGitHub Advisory Database

[8]ページ先頭

©2009-2025 Movatter.jp