MEDIUM 5.8 NuGet
Umbraco Forms's Short and Long Answer Fields Are Not Validated Server-Side For Maximum Length
GHSA-9v8m-qv22-f268 · CVE-2025-23041
Published · Modified
Description
Impact
Character limits configured by editors for short and long answer fields are validated only client-side, not server-side.
Patches
Patched in 8.13.16, 10.5.7, 13.2.2, 14.1.2
Ready to move
Start Securing
Free, no credit card | First findings in minutes