GitHub_MVULNRICHMENT:CVE-2024-35218CVE-2024-35218 Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane
4.2 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
5.9 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%
Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites. Stored Cross-site scripting (XSS) enable attackers that have access to backoffice to bring malicious content into a website or application. This vulnerability has been patched in version(s) 8.18.13, 10.8.4, 12.3.7, 13.1.1 by implementing IHtmlSanitizer.
CNA Affected
[
{
"vendor": "umbraco",
"product": "Umbraco-CMS",
"versions": [
{
"version": ">= 8.0.0, < 8.18.13",
"status": "affected"
},
{
"version": ">= 10.0.0, < 10.8.4",
"status": "affected"
},
{
"version": ">= 12.0.0, < 12.3.7",
"status": "affected"
},
{
"version": ">= 13.0.0, < 13.1.1",
"status": "affected"
}
]
}
]References
github.com/umbraco/Umbraco-CMS/commit/1b712fe6ec52aa4e71b3acf63e393c8e6ab85385
github.com/umbraco/Umbraco-CMS/commit/a2684069b1e9976444f60b4b37a80be05b87f6b6
github.com/umbraco/Umbraco-CMS/commit/cbf9f9bcd199d7ca0412be3071d275556f10b7ba
github.com/umbraco/Umbraco-CMS/commit/d090176272d07500dac0daee7c598aa8bb321050
github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-gvpc-3pj6-4m9w
Related
4.2 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
5.9 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%