GHSA-gvpc-3pj6-4m9w
Suggest an improvement- Source
- https://github.com/advisories/GHSA-gvpc-3pj6-4m9w
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-gvpc-3pj6-4m9w/GHSA-gvpc-3pj6-4m9w.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-gvpc-3pj6-4m9w
- Aliases
- Published
- 2024-05-21T14:47:24Z
- Modified
- 2024-05-21T15:47:23.393947Z
- Severity
-
- 4.2 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane
- Details
-
Impact
Stored Cross-site scripting (XSS) enable attackers that have access to backoffice to bring malicious content into a website or application.
Affected versions
Umbraco CMS >= 8.00
Patches
This is fixed in 8.18.13, 10.8.4, 12.3.7, 13.1.1 by implementing IHtmlSanitizer
- Database specific
{ "nvd_published_at": "2024-05-21T14:15:12Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-05-21T14:47:24Z" }- References
-
- https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-gvpc-3pj6-4m9w
- https://nvd.nist.gov/vuln/detail/CVE-2024-35218
- https://github.com/umbraco/Umbraco-CMS/commit/1b712fe6ec52aa4e71b3acf63e393c8e6ab85385
- https://github.com/umbraco/Umbraco-CMS/commit/a2684069b1e9976444f60b4b37a80be05b87f6b6
- https://github.com/umbraco/Umbraco-CMS/commit/cbf9f9bcd199d7ca0412be3071d275556f10b7ba
- https://github.com/umbraco/Umbraco-CMS/commit/d090176272d07500dac0daee7c598aa8bb321050
- https://github.com/umbraco/Umbraco-CMS
Affected packages
NuGet / UmbracoCms.Core
Package
- Name
- UmbracoCms.Core
- View open source insights on deps.dev
- Purl
- pkg:nuget/UmbracoCms.Core
Affected versions
8.*
8.0.0
8.0.1
8.0.2
8.0.3
8.1.0
8.1.1
8.1.2
8.1.3
8.1.4
8.1.5
8.1.6
8.2.0-rc
8.2.0
8.2.1
8.2.2
8.2.3
8.3.0
8.3.1
8.4.0-rc
8.4.0
8.4.1
8.4.2
8.5.0
8.5.1
8.5.2
8.5.3
8.5.4
8.5.5
8.6.0-rc
8.6.0
8.6.1
8.6.2
8.6.3
8.6.4
8.6.5
8.6.6
8.6.7
8.6.8
8.7.0-rc
8.7.0
8.7.1
8.7.2
8.7.3
8.8.0-rc
8.8.0
8.8.1
8.8.2
8.8.3
8.8.4
8.9.0-rc
8.9.0
8.9.1
8.9.2
8.9.3
8.10.0-rc
8.10.0
8.10.1
8.10.2
8.10.3
8.11.0-rc
8.11.0
8.11.1
8.11.2
8.11.3
8.12.0-rc
8.12.0
8.12.1
8.12.2
8.12.3
8.13.0-rc
8.13.0
8.13.1
8.14.0-rc
8.14.0
8.14.1
8.14.2
8.14.3
8.14.4
8.15.0-rc
8.15.0
8.15.1
8.15.2
8.15.3
8.16.0-rc
8.16.0
8.17.0-rc
8.17.0-rc2
8.17.0
8.17.1
8.17.2
8.18.0-rc
8.18.0-rc2
8.18.0
8.18.1
8.18.2
8.18.3
8.18.4
8.18.5
8.18.6
8.18.7
8.18.8
8.18.9
8.18.10
8.18.11
8.18.12
NuGet / UmbracoCms.Core
Package
- Name
- UmbracoCms.Core
- View open source insights on deps.dev
- Purl
- pkg:nuget/UmbracoCms.Core
NuGet / UmbracoCms.Core
Package
- Name
- UmbracoCms.Core
- View open source insights on deps.dev
- Purl
- pkg:nuget/UmbracoCms.Core
NuGet / UmbracoCms.Core
Package
- Name
- UmbracoCms.Core
- View open source insights on deps.dev
- Purl
- pkg:nuget/UmbracoCms.Core