CVE-2024-10761
MEDIUM4.3EPSS 0.21%XSS/HTML Injection Vulnerability in Umbraco Preview Badge
發布日:2025/1/21修改日:2025/2/19
描述
### Impact Authenticated users are able to exploit an XSS vulnerability when viewing previewed content. ### Patches Will be patched in 10.8.8, 13.5.3, 14.3.2 and 15.1.2. ### Workarounds None available.
受影響套件(2)
- NuGet/Umbraco.Cms>= 11.0.0, < 13.5.3
- NuGet/Umbraco.Cms.Web.Common>= 11.0.0, < 13.5.3
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
參考連結(7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-10761
- PATCHhttps://github.com/umbraco/Umbraco-CMS
- WEBhttps://drive.google.com/file/d/1YoZgdlS3QT7Xu005j9RO-FFUT8RbB0Da/view?usp=sharing
- WEBhttps://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-69cg-w8vm-h229
- WEBhttps://vuldb.com/?ctiid.282930
- WEBhttps://vuldb.com/?id.282930
- WEBhttps://vuldb.com/?submit.427091