GHSA-wrrj-r2j4-969w

Source

https://github.com/advisories/GHSA-wrrj-r2j4-969w

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wrrj-r2j4-969w/GHSA-wrrj-r2j4-969w.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-wrrj-r2j4-969w

Aliases

CVE-2018-17256

Published

2022-05-14T01:44:31Z

Modified

2024-02-16T08:04:28.706152Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Umbraco CMS vulnerable to stored XSS

Details

Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.). The vulnerability is exploited when updating or removing public access of a content.

Database specific

{
    "nvd_published_at": "2018-11-27T19:29:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-24T20:54:51Z"
}

References

Affected packages

NuGet / umbraco

Package

Name: umbraco; View open source insights on deps.dev
Purl: pkg:nuget/umbraco

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

7.12.3

Affected versions

5.*

5.0.310

5.0.310.1

5.0.1000

5.0.1000.1

5.1.0.161-rc

5.1.0.175

5.2.0-beta