CVE-2024-35218

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-35218

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35218.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-35218

Aliases

GHSA-gvpc-3pj6-4m9w

Published

2024-05-21T13:42:27.260Z

Modified

2025-12-05T04:24:03.163403Z

Severity

4.2 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane

Details

Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites. Stored Cross-site scripting (XSS) enable attackers that have access to backoffice to bring malicious content into a website or application. This vulnerability has been patched in version(s) 8.18.13, 10.8.4, 12.3.7, 13.1.1 by implementing IHtmlSanitizer.

Database specific

{
    "cwe_ids": [
        "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/35xxx/CVE-2024-35218.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/umbraco/umbraco-cms

Affected ranges

Type

GIT

Repo

https://github.com/umbraco/umbraco-cms

Events

Introduced

b8db430615d76521a4394a23f9928dc7c12f87bd

Fixed

9700dc72668cac59b84d97349582be45bb471059

Database specific

{
    "versions": [
        {
            "introduced": "8.0.0"
        },
        {
            "fixed": "8.18.13"
        }
    ]
}

Type

GIT

Repo

https://github.com/umbraco/umbraco-cms

Events

Introduced

e3f4b86f1c28e0ec30a1ad2a079e308af4cbfbf7

Fixed

cbf9f9bcd199d7ca0412be3071d275556f10b7ba

Database specific

{
    "versions": [
        {
            "introduced": "10.0.0"
        },
        {
            "fixed": "10.8.4"
        }
    ]
}

Type

GIT

Repo

https://github.com/umbraco/umbraco-cms

Events

Introduced

ba724ed97d77b9951a22fe693f9dd3bdd000047c

Fixed

1b712fe6ec52aa4e71b3acf63e393c8e6ab85385

Database specific

{
    "versions": [
        {
            "introduced": "12.0.0"
        },
        {
            "fixed": "12.3.7"
        }
    ]
}

Type

GIT

Repo

https://github.com/umbraco/umbraco-cms

Events

Introduced

9dfb3005bcd68f5399ee13263bfc462c69b39a66

Fixed

d090176272d07500dac0daee7c598aa8bb321050

Database specific

{
    "versions": [
        {
            "introduced": "13.0.0"
        },
        {
            "fixed": "13.1.1"
        }
    ]
}

Affected versions

release-10.*

release-10.0.0

release-10.0.1

release-10.1.0

release-10.1.0-rc

release-10.1.0-rc2

release-10.2.0

release-10.2.0-rc

release-10.2.1

release-10.3.0

release-10.3.0-rc

release-10.3.1

release-10.3.2

release-10.4.0-rc1

release-10.4.1

release-10.5.0

release-10.5.0-rc

release-10.6.0

release-10.6.0-rc

release-10.6.1

release-10.7.0

release-10.7.0-rc

release-10.8.0

release-10.8.0-rc

release-10.8.1

release-10.8.2

release-10.8.3

release-11.*

release-11.4.1

release-11.4.2

release-11.5.0

release-11.5.0-rc

release-12.*

release-12.0.0

release-12.0.1

release-12.1.0

release-12.1.0-rc

release-12.1.1

release-12.1.2

release-12.2.0

release-12.2.0-rc

release-12.3.0

release-12.3.0-rc

release-12.3.1

release-12.3.2

release-12.3.3

release-12.3.4

release-12.3.5

release-12.3.6

release-13.*

release-13.0.0

release-13.0.1

release-13.0.2

release-13.0.3

release-13.1.0

release-13.1.0-rc