Products
Umbraco CMS
- 8.18.13
- 10.8.4
- 12.3.7
- 13.1.1
Source
security-advisories@github.com
Tags
CVE-2024-35218 details
Published : May 21, 2024, 2:15 p.m.
Last Modified : May 21, 2024, 4:54 p.m.
Last Modified : May 21, 2024, 4:54 p.m.
Description
Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites. Stored Cross-site scripting (XSS) enable attackers that have access to backoffice to bring malicious content into a website or application. This vulnerability has been patched in version(s) 8.18.13, 10.8.4, 12.3.7, 13.1.1 by implementing IHtmlSanitizer.
CVSS Score
| 1 | 2 | 3 | 4.2 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
CVSS Data
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
Base Score
4.2
Exploitability Score
Impact Score
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
References
| URL | Source |
|---|---|
| https://github.com/umbraco/Umbraco-CMS/commit/1b712fe6ec52aa4e71b3acf63e393c8e6ab85385 | security-advisories@github.com |
| https://github.com/umbraco/Umbraco-CMS/commit/a2684069b1e9976444f60b4b37a80be05b87f6b6 | security-advisories@github.com |
| https://github.com/umbraco/Umbraco-CMS/commit/cbf9f9bcd199d7ca0412be3071d275556f10b7ba | security-advisories@github.com |
| https://github.com/umbraco/Umbraco-CMS/commit/d090176272d07500dac0daee7c598aa8bb321050 | security-advisories@github.com |
| https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-gvpc-3pj6-4m9w | security-advisories@github.com |
This website uses the NVD API, but is not approved or certified by it.