2 matches found
CVE-2017-15279
Cross-site scripting XSS vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" aka nodename parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and...
CVE-2017-15279
Umbraco CMS prior to 7.7.3 contains an XSS vulnerability exploitable via the PageName/nodename parameter during new page creation. The issue arises from improper input sanitization, allowing an attacker’s script/HTML to be stored and subsequently served to users. Reported across multiple sources ...