GHSA-4gmq-m9vp-jrwg

Source

https://github.com/advisories/GHSA-4gmq-m9vp-jrwg

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-4gmq-m9vp-jrwg/GHSA-4gmq-m9vp-jrwg.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-4gmq-m9vp-jrwg

Aliases

CVE-2024-10761

Published

2024-11-04T06:30:30Z

Modified

2024-11-04T23:42:19.685333Z

Severity

3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N CVSS Calculator
1.3 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U CVSS Calculator

Summary

Umbraco CMS Cross-site Scripting vulnerability

Details

A vulnerability was found in Umbraco CMS 12.3.6. It has been classified as problematic. Affected is an unknown function of the file /Umbraco/preview/frame?id{} of the component Dashboard. The manipulation of the argument culture leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

References

Affected packages

NuGet / Umbraco.Cms.Core

Package

Name: Umbraco.Cms.Core; View open source insights on deps.dev
Purl: pkg:nuget/Umbraco.Cms.Core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

12.3.6

Affected versions

9.*

9.0.0-rc001

9.0.0-rc002

9.0.0-rc003

9.0.0-rc004

9.0.0

9.0.1

9.1.0-rc

9.1.0

9.1.1

9.1.2

9.2.0-rc

9.2.0

9.3.0-rc

9.3.0

9.3.1

9.4.0-rc

9.4.0

9.4.1

9.4.2

9.4.3

9.5.0-rc

9.5.0-rc2

9.5.0-rc3

9.5.0

9.5.1

9.5.2

9.5.3

9.5.4

10.*

10.0.0-rc1

10.0.0-rc2

10.0.0-rc3

10.0.0-rc4

10.0.0-rc5

10.0.0

10.0.1

10.1.0-rc

10.1.0-rc2

10.1.0

10.1.1

10.2.0-rc

10.2.0

10.2.1

10.3.0-rc

10.3.0

10.3.1

10.3.2

10.4.0-rc

10.4.0

10.4.1

10.4.2

10.5.0-rc

10.5.0

10.5.1

10.6.0-rc

10.6.0

10.6.1

10.7.0-rc

10.7.0

10.8.0-rc

10.8.0

10.8.1

10.8.2

10.8.3

10.8.4

10.8.5

10.8.6

10.8.7

11.*

11.0.0-rc4

11.0.0-rc5

11.0.0-rc6

11.0.0

11.1.0-rc

11.1.0

11.2.0-rc

11.2.0

11.2.1

11.2.2

11.3.0-rc

11.3.0

11.3.1

11.4.0-rc

11.4.0

11.4.1

11.4.2

11.5.0-rc

11.5.0

12.*

12.0.0-rc1

12.0.0-rc2

12.0.0-rc3

12.0.0-rc4

12.0.0-rc5

12.0.0

12.0.1

12.1.0-rc

12.1.0

12.1.1

12.1.2

12.2.0-rc

12.2.0

12.3.0-rc

12.3.0

12.3.1

12.3.2

12.3.3

12.3.4

12.3.5

12.3.6