
CVE-2024-55488
Good to know:


Date: January 21, 2025
A stored cross-site scripting (XSS) vulnerability in Umbraco CMS v14.3.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. NOTE: This has been disputed by the vendor since this potential attack is only possible via authenticated users who have been manually allowed access to the CMS. There was a deliberate decision made not to apply HTML sanitization at the product level.
Severity Score
Weakness Type (CWE)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-79

Top Fix

Upgrade Version
Upgrade to version Umbraco.Cms.Infrastructure - 13.7.0-rc; Umbraco.Cms.Infrastructure - 14.3.2; Umbraco.Cms.Infrastructure - 10.8.9; TSC.Client.Umbraco - 2.0.1; OzoneNZ.Umbraco.Cms.Infrastructure - no_fix; uSync.Cli - 15.0.0-beta1; ClerkIoConnector - 10.0.1; Umble.Construct - no_fix
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | NONE |