Moderate severity · NVD Advisory · Published Jan 22, 2025 · Updated Feb 12, 2025
CVE-2024-55488
Description
A stored cross-site scripting (XSS) vulnerability in Umbraco CMS v14.3.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. NOTE: This has been disputed by the vendor since this potential attack is only possible via authenticated users who have been manually allowed access to the CMS. There was a deliberate decision made not to apply HTML sanitization at the product level.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| Umbraco.Cms.Infrastructure (NuGet) | < 15.0.0 | 15.0.0 |
Affected products
- Umbraco/CMS (source: description)
References
- github.com/advisories/GHSA-572q-86rr-5vgq (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-55488 (ghsa, ADVISORY)
- umbraco.com (ghsa, WEB)
- github.com/github/advisory-database/pull/5270 (ghsa, WEB)
- github.com/umbraco/Umbraco-CMS/pull/17164 (ghsa, WEB)
- github.com/umbraco/Umbraco-CMS/releases/tag/release-15.0.0-rc1 (ghsa, WEB)
- www.nccgroup.com/us/research-blog/technical-advisory-cross-site-scripting-in-umbraco-rich-text-display (ghsa, WEB)
- www.nccgroup.com/us/research-blog/technical-advisory-cross-site-scripting-in-umbraco-rich-text-display/ (mitre)