Lucene search
GitHub Advisory DatabaseGHSA-V98M-398X-269RHistoryDec 13, 2023 - 1:24 p.m.
DOM-XSS on Backoffice login screen.
2023-12-1313:24:06
CWE-79
GitHub Advisory Database
github.com
5
dom-xss
backoffice
cross-site scripting
user login
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
17.0%
Impact
Cross-site scripting (XSS) enable attackers to bring malicious content into a website or application.
Explanation of the vulnerability
A DOM-XSS can be exploited when users are successfully logging into the Backoffice.
Affected configurations
Node
umbraco.cmsRange11.0.0–12.3.4
ORumbraco.cmsRange10.0.0–10.8.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| * | umbraco.cms | * | cpe:2.3:a:*:umbraco.cms:*:*:*:*:*:*:*:* |
Related
veracode
veracode
Cross-Site Scripting (XSS)
2023-12-13 07:12:03
cvelist
cvelist
CVE-2023-48313 Umbraco contains a DOM-XSS
2023-12-12 17:23:49
nvd
nvd
CVE-2023-48313
2023-12-12 18:15:22
prion
prion
Cross site scripting
2023-12-12 18:15:00
osv
osv
DOM-XSS on Backoffice login screen.
2023-12-13 13:24:06
CVE-2023-48313
2023-12-12 18:15:22
vulnrichment
vulnrichment
CVE-2023-48313 Umbraco contains a DOM-XSS
2023-12-12 17:23:49
cve
cve
CVE-2023-48313
2023-12-12 18:15:22
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
17.0%
Related for GHSA-V98M-398X-269R