CVE-2024-35240

Опубликовано: 28 мая 2024

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Umbraco Commerce is an open source dotnet ecommerce solution. In affected versions there exists a stored Cross-site scripting (XSS) issue which would enable attackers to inject malicious code into Print Functionality. This issue has been addressed in versions 12.1.4, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Ссылки

https://docs.umbraco.com/umbraco-commerce/release-notes#id-13.0.0-december-13th-2023
https://github.com/umbraco/Umbraco.Commerce.Issues/security/advisories/GHSA-rpj9-xjwm-wr6w
https://docs.umbraco.com/umbraco-commerce/release-notes#id-13.0.0-december-13th-2023
https://github.com/umbraco/Umbraco.Commerce.Issues/security/advisories/GHSA-rpj9-xjwm-wr6w

EPSS

Процентиль: 50%

0.00268

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-rpj9-xjwm-wr6w