GHSA-4gmq-m9vp-jrwg

Source
https://github.com/advisories/GHSA-4gmq-m9vp-jrwg
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-4gmq-m9vp-jrwg/GHSA-4gmq-m9vp-jrwg.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-4gmq-m9vp-jrwg
Aliases
Published
2024-11-04T06:30:30Z
Modified
2024-11-04T23:42:19.685333Z
Severity
  • 3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
  • 1.3 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
Summary
Umbraco CMS Cross-site Scripting vulnerability
Details

A vulnerability classified as problematic was found in Umbraco CMS 12.3.6. Affected is an unknown function of the file /Umbraco/preview/frame?id{} in the Dashboard component. Manipulation of the culture argument leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

Database specific
{
    "nvd_published_at": "2024-11-04T05:15:04Z",
    "cwe_ids": [
        "CWE-707",
        "CWE-79"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2024-11-04T23:22:46Z"
}
References

Affected packages

NuGet / Umbraco.Cms.Core

Package

Name
Umbraco.Cms.Core
Purl
pkg:nuget/Umbraco.Cms.Core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Last affected
12.3.6

Affected versions

9.*

9.0.0-rc001
9.0.0-rc002
9.0.0-rc003
9.0.0-rc004
9.0.0
9.0.1
9.1.0-rc
9.1.0
9.1.1
9.1.2
9.2.0-rc
9.2.0
9.3.0-rc
9.3.0
9.3.1
9.4.0-rc
9.4.0
9.4.1
9.4.2
9.4.3
9.5.0-rc
9.5.0-rc2
9.5.0-rc3
9.5.0
9.5.1
9.5.2
9.5.3
9.5.4

10.*

10.0.0-rc1
10.0.0-rc2
10.0.0-rc3
10.0.0-rc4
10.0.0-rc5
10.0.0
10.0.1
10.1.0-rc
10.1.0-rc2
10.1.0
10.1.1
10.2.0-rc
10.2.0
10.2.1
10.3.0-rc
10.3.0
10.3.1
10.3.2
10.4.0-rc
10.4.0
10.4.1
10.4.2
10.5.0-rc
10.5.0
10.5.1
10.6.0-rc
10.6.0
10.6.1
10.7.0-rc
10.7.0
10.8.0-rc
10.8.0
10.8.1
10.8.2
10.8.3
10.8.4
10.8.5
10.8.6
10.8.7

11.*

11.0.0-rc4
11.0.0-rc5
11.0.0-rc6
11.0.0
11.1.0-rc
11.1.0
11.2.0-rc
11.2.0
11.2.1
11.2.2
11.3.0-rc
11.3.0
11.3.1
11.4.0-rc
11.4.0
11.4.1
11.4.2
11.5.0-rc
11.5.0

12.*

12.0.0-rc1
12.0.0-rc2
12.0.0-rc3
12.0.0-rc4
12.0.0-rc5
12.0.0
12.0.1
12.1.0-rc
12.1.0
12.1.1
12.1.2
12.2.0-rc
12.2.0
12.3.0-rc
12.3.0
12.3.1
12.3.2
12.3.3
12.3.4
12.3.5
12.3.6