CVE-2024-35240

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-35240

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35240.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-35240

Aliases

GHSA-rpj9-xjwm-wr6w

Published

2024-05-28T20:15:32Z

Modified

2025-10-21T02:35:06Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS Calculator

Summary

Stored Cross-site Scripting on Print Functionality in Umbraco Commerce

Details

Umbraco Commerce is an open source dotnet ecommerce solution. In affected versions there exists a stored Cross-site scripting (XSS) issue which would enable attackers to inject malicious code into Print Functionality. This issue has been addressed in versions 12.1.4, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References

Affected packages

Git /

Affected ranges

Database specific

unresolved_versions

[
    {
        "type": "",
        "events": [
            {
                "introduced": "12.0.0"
            },
            {
                "fixed": "12.1.4"
            }
        ]
    },
    {
        "type": "",
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "10.0.5"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35240.json"