VYPR
Moderate severity · NVD Advisory · Published Jan 21, 2025 · Updated Feb 12, 2025

Umbraco Backoffice Components Have XSS/HTML Injection Vulnerability

CVE-2025-24012

Description

Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, authenticated users are able to exploit a cross-site scripting vulnerability when viewing certain localized backoffice components. Versions 14.3.2 and 15.1.2 contain a patch.


Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
Umbraco.Cms.StaticAssets (NuGet) | >= 14.0.0, < 14.3.2 | 14.3.2
Umbraco.Cms.StaticAssets (NuGet) | >= 15.0.0, < 15.1.2 | 15.1.2
@umbraco-cms/backoffice (npm) | >= 14.0.0, < 14.3.2 | 14.3.2
@umbraco-cms/backoffice (npm) | >= 15.0.0, < 15.1.2 | 15.1.2
