CVE-2024-10761
MEDIUM4.3EPSS 0.21%XSS/HTML Injection Vulnerability in Umbraco Preview Badge
Published: 1/21/2025Modified: 2/19/2025
Description
### Impact Authenticated users are able to exploit an XSS vulnerability when viewing previewed content. ### Patches Will be patched in 10.8.8, 13.5.3, 14.3.2 and 15.1.2. ### Workarounds None available.
Affected packages (2)
- NuGet/Umbraco.Cms>= 11.0.0, < 13.5.3
- NuGet/Umbraco.Cms.Web.Common>= 11.0.0, < 13.5.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
References (7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-10761
- PATCHhttps://github.com/umbraco/Umbraco-CMS
- WEBhttps://drive.google.com/file/d/1YoZgdlS3QT7Xu005j9RO-FFUT8RbB0Da/view?usp=sharing
- WEBhttps://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-69cg-w8vm-h229
- WEBhttps://vuldb.com/?ctiid.282930
- WEBhttps://vuldb.com/?id.282930
- WEBhttps://vuldb.com/?submit.427091