CVE-2024-35218 umbracocms.core

Package

Manager: nuget
Name: umbracocms.core
Vulnerable Version: >=8.0.0 <8.18.13 || >=10.0.0 <10.8.4 || >=12.0.0 <12.3.7 || >=13.0.0 <13.1.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0052 (percentile 0.6588)

Details

Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane

### Impact

Stored cross-site scripting (XSS) enables attackers who have access to the backoffice to bring malicious content into a website or application.

### Affected versions

Umbraco CMS >= 8.00

### Patches

This is fixed in 8.18.13, 10.8.4, 12.3.7 and 13.1.1 by implementing IHtmlSanitizer.

Metadata

Created: 2024-05-21T14:47:24Z
Modified: 2025-02-12T18:33:38Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-gvpc-3pj6-4m9w/GHSA-gvpc-3pj6-4m9w.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-gvpc-3pj6-4m9w
Finding: F425
Auto approve: 1