XSS/HTML Injection Vulnerability in Umbraco Preview Badge

GHSA-69cg-w8vm-h229 · CVE-2024-10761

Published Jan 21, 2025 · Modified Feb 19, 2025

Description

Impact

Authenticated users are able to exploit an XSS vulnerability when viewing previewed content.

Patches

Will be patched in 10.8.8, 13.5.3, 14.3.2 and 15.1.2.

Workarounds

None available.

References

4.3 / 10

MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Affected Packages

NuGet/Umbraco.Cms

Fix 10.8.8, 13.5.3, 14.3.2, 15.1.2

Introduced 10.8.7, 11.0.0, 14.0.0, 15.0.0

88 affected versions

10.8.711.0.011.1.011.1.0-rc11.2.011.2.0-rc11.2.111.2.211.3.011.3.0-rc11.3.111.4.011.4.0-rc11.4.111.4.211.5.011.5.0-rc12.0.012.0.0-rc112.0.0-rc2 +68 more

NuGet/Umbraco.Cms.Web.Common

Fix 10.8.8, 13.5.3, 14.3.2, 15.1.2

Introduced 10.8.7, 11.0.0, 14.0.0, 15.0.0

87 affected versions

10.8.711.0.011.1.011.1.0-rc11.2.011.2.0-rc11.2.111.2.211.3.011.3.0-rc11.3.111.4.011.4.0-rc11.4.111.4.211.5.011.5.0-rc12.0.012.0.0-rc112.0.0-rc2 +67 more

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes