Description
A vulnerability was found in Umbraco CMS up to 10.7.7/12.3.6/13.5.2/14.3.1/15.1.1. It has been classified as problematic. Affected is an unknown function of the file /Umbraco/preview/frame?id{} of the component Dashboard. Manipulation of the argument culture leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.8.8, 13.5.3, 14.3.2 and 15.1.2 addresses this issue. It is recommended to upgrade the affected component.
References
- Permissions Required, Third Party Advisory, VDB Entry
- Permissions Required, Third Party Advisory, VDB Entry
- Exploit, Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1
cpe:2.3:a:umbraco:umbraco_cms:12.3.6:*:*:*:*:*:*:*
EPSS: 0.00272 (percentile: 50%, Low)
CVSS3: 4.3 Medium
CVSS3: 5.4 Medium
CVSS2: 5 Medium
Weaknesses
CWE-79
CWE-79
Related vulnerabilities
CVSS3: 4.3
github
about 1 year ago
XSS/HTML Injection Vulnerability in Umbraco Preview Badge