Описание
Umbraco CMS vulnerable to stored XSS
A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user can inject arbitrary JavaScript code into iframes when editing content using the TinyMCE rich-text editor, as TinyMCE is configured to allow iframes by default in Umbraco CMS.
Пакеты
Наименование
UmbracoCms.Core
nuget
Затронутые версииВерсия исправления
<= 8.9.1
Отсутствует
Связанные уязвимости
CVSS3: 5.4
nvd
около 5 лет назад
A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user can inject arbitrary JavaScript code into iframes when editing content using the TinyMCE rich-text editor, as TinyMCE is configured to allow iframes by default in Umbraco CMS.