Sulu is a PHP content management system. Sulu is vulnerable against XSS whereas a low privileged user with access to the ??Media? section can upload an SVG file with a malicious payload. Once uploaded and accessed, the malicious javascript will be executed on the victims?? (other users including admins) browsers. This issue is fixed in 2.6.5.