A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user authorized to upload media can upload a malicious .svg file which act as a stored XSS payload.
[
{
"product": "Umbraco CMS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "<= 8.9.1 or current (unfixed)"
}
]
}
]