VYPR
Moderate severityNVD Advisory· Published May 21, 2024· Updated Aug 2, 2024

Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane

CVE-2024-35218

Description

Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites. Stored Cross-site scripting (XSS) enable attackers that have access to backoffice to bring malicious content into a website or application. This vulnerability has been patched in version(s) 8.18.13, 10.8.4, 12.3.7, 13.1.1 by implementing IHtmlSanitizer.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
UmbracoCms.CoreNuGet
>= 8.0.0, < 8.18.138.18.13
UmbracoCms.CoreNuGet
>= 10.0.0, < 10.8.410.8.4
UmbracoCms.CoreNuGet
>= 12.0.0, < 12.3.712.3.7
UmbracoCms.CoreNuGet
>= 13.0.0, < 13.1.113.1.1

Affected products

2

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.