
exploitDog


GHSA-rpj9-xjwm-wr6w

Published: May 28, 2024
Source: github
Github: Reviewed
CVSS3: 5.4

Description

Umbraco Commerce vulnerable to Stored Cross-site Scripting on Print Functionality

Impact

Stored cross-site scripting (XSS) enables attackers to inject malicious code into the Print Functionality.

Patches

12.1.4, 10.0.5

References

https://docs.umbraco.com/umbraco-commerce/release-notes#id-13.0.0-december-13th-2023

Packages

Name: Umbraco.Commerce (nuget)
Affected versions: >= 12.0.0, < 12.1.4
Fixed version: 12.1.4

Name: Umbraco.Commerce (nuget)
Affected versions: < 10.0.5
Fixed version: 10.0.5

EPSS

Percentile: 50%
0.00268
Low

5.4 Medium

CVSS3

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 5.4
nvd
more than 1 year ago

Umbraco Commerce is an open source dotnet ecommerce solution. In affected versions there exists a stored Cross-site scripting (XSS) issue which would enable attackers to inject malicious code into Print Functionality. This issue has been addressed in versions 12.1.4, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
