logo

Advisories

Weaknesses

Fixes

Requirements

Compliance

CVE-2024-55488 umbraco.cms.infrastructure

Package

Manager: nuget
Name: umbraco.cms.infrastructure
Vulnerable Version: <0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS v4.0: N/A

EPSS: 0.00074 pctl0.22885

Details

Withdrawn Advisory: Umbraco Rich Text Display allows Cross-Site Scripting # Withdrawn Advisory This advisory has been withdrawn because the issue is a [documented security](https://docs.umbraco.com/umbraco-cms/reference/security/serverside-sanitizing). This link is maintained to preserve external references. For more information, see https://github.com/github/advisory-database/pull/5270. # Original Advisory A stored cross-site scripting (XSS) vulnerability in Umbraco CMS v14.3.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

Metadata

Created: 2025-01-22T18:31:55Z
Modified: 2025-02-13T16:44:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-572q-86rr-5vgq/GHSA-572q-86rr-5vgq.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-572q-86rr-5vgq
Finding: N/A
Auto approve: 0