CVE-2025-24012

Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, authenticated users are able to exploit a cross-site scripting vulnerability when viewing certain localized backoffice components. Versions 14.3.2 and 15.1.2 conta...

Cross-site Scripting (XSS)

Umbraco is vulnerable to cross-site scripting XSS. The vulnerability is due to improper sanitization in certain localized backoffice components, allowing authenticated users to inject malicious scripts when viewing these components...

CVE-2025-24012 Umbraco Backoffice Components Have XSS/HTML Injection Vulnerability

Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, authenticated users are able to exploit a cross-site scripting vulnerability when viewing certain localized backoffice components. Versions 14.3.2 and 15.1.2 conta...

PT-2025-5259 · Umbraco · Umbraco

Name of the Vulnerable Software and Affected Versions: Umbraco versions 14.0.0 through 14.3.1 Umbraco versions 15.0.0 through 15.1.1 Description: The issue allows authenticated users to exploit a cross-site scripting vulnerability when viewing certain localized backoffice components...