GHSA-4gmq-m9vp-jrwg – umbraco.cms.core

Package

Manager: nuget
Name: umbraco.cms.core
Vulnerable Version: <0

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U

EPSS: N/A pctlN/A

Details

Duplicate Advisory: Umbraco CMS Cross-site Scripting vulnerability # Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-69cg-w8vm-h229. This link is maintained to preserve external references. # Original Description A vulnerability was found in Umbraco CMS 12.3.6. It has been classified as problematic. Affected is an unknown function of the file /Umbraco/preview/frame?id{} of the component Dashboard. The manipulation of the argument culture leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Metadata

Created: 2024-11-04T06:30:30Z
Modified: 2025-02-19T17:47:37Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-4gmq-m9vp-jrwg/GHSA-4gmq-m9vp-jrwg.json
CWE IDs: ["CWE-707", "CWE-79"]
Alternative ID: N/A
Finding: N/A
Auto approve: 0