CVE-2024-10761

Source
https://cve.org/CVERecord?id=CVE-2024-10761
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10761.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-10761
Aliases
Published
2024-11-04T05:15:04.693Z
Modified
2026-04-10T05:08:10.103679Z
Severity
  • 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Summary
[none]
Details

A vulnerability was found in Umbraco CMS up to 10.7.7/12.3.6/13.5.2/14.3.1/15.1.1. It has been classified as problematic. Affected is an unknown function of the file /Umbraco/preview/frame?id{} of the component Dashboard. Manipulation of the argument culture leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.8.8, 13.5.3, 14.3.2 and 15.1.2 addresses this issue. It is recommended to upgrade the affected component.

References

Affected packages

Git / github.com/umbraco/umbraco-cms

Affected ranges

Type
GIT
Repo
https://github.com/umbraco/umbraco-cms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "12.3.6"
        }
    ]
}

Affected versions

4.*
4.7.2
Release-4.*
Release-4.5.2
Release-4.6.0
Other
Sprint-Juno-A
release-netcore-alpha002
release-netcore-alpha004
release-10.*
release-10.0.0-rc1
release-12.*
release-12.1.0-rc
release-12.3.0-rc
release-12.3.1
release-12.3.2
release-12.3.3
release-12.3.5
release-12.3.6
release-6.*
release-6.1.0-beta
release-7.*
release-7.0.0
release-7.0.0-RC
release-7.0.0-beta
release-7.1.0
release-7.1.0-RC
release-7.1.1
release-7.1.2
release-7.1.3
release-7.1.4
release-7.2.0-alpha
release-7.2.0-beta
release-7.2.0-beta2
release-9.*
release-9.0.0
release-9.0.0-beta001
release-9.0.0-beta002
release-9.0.0-beta003
release-9.0.0-beta004
release-9.0.0-rc002
release-9.0.0-rc003
release-9.0.0-rc004
release-netcore-0.*
release-netcore-0.5.0-alpha001

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10761.json"