Umbraco is an ASP.NET content management system (CMS). Starting in 10.0.0 and prior to versions 10.8.1 and 12.3.4, Umbraco contains a cross-site scripting (XSS) vulnerability enabling attackers to bring malicious content into a website or application. Versions 10.8.1 and 12.3.4 contain a patch for this issue.
References
Link | Resource |
---|---|
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-v98m-398x-269r | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
14 Dec 2023, 20:55
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-12 18:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-48313
Mitre link : CVE-2023-48313
CVE.ORG link : CVE-2023-48313
JSON object : View
Products Affected
umbraco
- umbraco_cms
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')