Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the developer data edit page, or (3) the form page.
References
| Link | Resource |
|---|---|
| http://issues.umbraco.org/issue/U4-7461 | Exploit Issue Tracking |
| http://www.openwall.com/lists/oss-security/2016/02/16/10 | Mailing List |
| http://issues.umbraco.org/issue/U4-7461 | Exploit Issue Tracking |
| http://www.openwall.com/lists/oss-security/2016/02/16/10 | Mailing List |
Configurations
History
21 Nov 2024, 02:39
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://issues.umbraco.org/issue/U4-7461 - Exploit, Issue Tracking | |
| References | () http://www.openwall.com/lists/oss-security/2016/02/16/10 - Mailing List |
Information
Published : 2017-03-03 16:59
Updated : 2024-11-21 02:39
NVD link : CVE-2015-8815
Mitre link : CVE-2015-8815
CVE.ORG link : CVE-2015-8815
JSON object : View
Products Affected
umbraco
- umbraco
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')