VYPR

npm package

@umbraco-cms/backoffice

pkg:npm/%40umbraco-cms/backoffice

Vulnerabilities (2)

  • CVE-2025-24012Jan 21, 2025
    affected >= 14.0.0, < 14.3.2fixed 14.3.2

    Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, authenticated users are able to exploit a cross-site scripting vulnerability when viewing certain localized backoffice components. Versions 14.3.2

  • CVE-2024-47819Oct 22, 2024
    affected >= 14.0.0, < 14.3.1fixed 14.3.1

    Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privi