Improper Neutralization HTML tags in sulu/sulu

Sulu is an open-source PHP content management system based on the Symfony framework. In versions before 1.6.43 are subject to stored cross site scripting attacks. HTML input into Tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade.

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

SULU Sulu 跨站脚本漏洞

SULU Sulu是奥地利Sulu（SULU）公司的一款可扩展的、基于PHP的开源内容管理系统上的Symfony框架。 Sulu 存在跨站脚本漏洞，该漏洞源于1.6.43 之前的版本中会受到存储跨站点脚本攻击。攻击者可利用该漏洞执行客户端代码。

N/A

N/A