CVE-2024-55488

Good to know:

Date: January 21, 2025

A stored cross-site scripting (XSS) vulnerability in Umbraco CMS v14.3.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. NOTE: This has been disputed by the vendor since this potential attack is only possible via authenticated users who have been manually allowed access to the CMS. There was a deliberate decision made not to apply HTML sanitization at the product level.

Severity Score

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

Upgrade Version

Upgrade to version Umbraco.Cms.Infrastructure - 13.7.0-rc; Umbraco.Cms.Infrastructure - 14.3.2; Umbraco.Cms.Infrastructure - 10.8.9; TSC.Client.Umbraco - 2.0.1; OzoneNZ.Umbraco.Cms.Infrastructure - no_fix; uSync.Cli - 15.0.0-beta1; ClerkIoConnector - 10.0.1; Umble.Construct - no_fix

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): NONE
