Количество 2
Количество 2
CVE-2024-47819
Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the code, you can potentially elevate all users and grant them admin privileges or access protected content. Versions 14.3.1 and 15.0.0 contain a patch. As a workaround, ensure that access to the Dictionary section is only granted to trusted users.
GHSA-c5g6-6xf7-qxp3
Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-47819 Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the code, you can potentially elevate all users and grant them admin privileges or access protected content. Versions 14.3.1 and 15.0.0 contain a patch. As a workaround, ensure that access to the Dictionary section is only granted to trusted users. | CVSS3: 4.2 | 0% Низкий | больше 1 года назад |
| GHSA-c5g6-6xf7-qxp3 Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section | CVSS3: 4.2 | 0% Низкий | больше 1 года назад |
Уязвимостей на страницу